| Message ID | 1557772405-23819-1-git-send-email-oliver.fuhrer@bluewin.ch |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 8912588AE37 for <patchwork@web07.i.ipfire.org>; Mon, 13 May 2019 19:34:32 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 452qGv38Q1z4xFg4; Mon, 13 May 2019 19:34:31 +0100 (BST) Received: from vimdzmsp-mail02.bluewin.ch (vimdzmsp-mail02.bluewin.ch [195.186.227.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 452qGq0JBRz4xFg1 for <development@lists.ipfire.org>; Mon, 13 May 2019 19:34:26 +0100 (BST) Received: from mail.0xdecafbad.info ([178.198.13.2]) by vimdzmsp-mail02.bluewin.ch Swisscom AG with SMTP id QFmFh1lNnjUrdQFmFhLs1v; Mon, 13 May 2019 20:34:19 +0200 X-Bluewin-Spam-Analysis: v=2.1 cv=WbrBExVX c=1 sm=1 tr=0 a=YHE3FDuBGPdfKus2i3ZD5A==:117 a=YHE3FDuBGPdfKus2i3ZD5A==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=E5NmQfObTbMA:10 a=qEZVf6OcnWQAlhKFRJIA:9 X-Bluewin-Spam-Score: 0.00 X-FXIT-IP: IPv4[178.198.13.2] Epoch[1557772459] Received: from buildhost7.vmlab.local (buildhost7.vmlab.local [192.168.10.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.0xdecafbad.info (Postfix) with ESMTPS id 35DC31D9D; Mon, 13 May 2019 20:33:42 +0200 (CEST) From: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> To: oliver.fuhrer@bluewin.ch Subject: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat Date: Mon, 13 May 2019 20:33:25 +0200 Message-Id: <1557772405-23819-1-git-send-email-oliver.fuhrer@bluewin.ch> X-Mailer: git-send-email 1.8.3.1 X-0xDecafBad-MailScanner-Information: Please contact the ISP for more information X-0xDecafBad-MailScanner-ID: 35DC31D9D.A6B2D X-0xDecafBad-MailScanner: Found to be clean X-0xDecafBad-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-1, required 2, autolearn=not spam, ALL_TRUSTED -1.00) X-0xDecafBad-MailScanner-From: oliver.fuhrer@bluewin.ch X-Spam-Status: No X-CMAE-Envelope: MS4wfMyO5UaPWbLtQ0SD50QBfYhmxoC3JWUB2laBAWW8gEs3jytJ/ZSzzidF3aBhpm3E8dIgmlNqCOQnBWhmvr90YYGRWEjIg/PLtJDbL5dwsqn1RNmx+jCa 4vFYbPSc58Mm9KKchtZzMoMZ8fPC+SKMYjYUGYC8CA1w+OPitnibP0Ao5oeWxAAd0OVVl/gim+Wucm4xZTm29wwH3vOV4E0pfD3ex1w3VjuwPm0/+pYSaQIj Authentication-Results: mail01.ipfire.org; dkim=none; dmarc=none; spf=pass (mail01.ipfire.org: domain of oliver.fuhrer@bluewin.ch designates 195.186.227.120 as permitted sender) smtp.mailfrom=oliver.fuhrer@bluewin.ch X-Rspamd-Queue-Id: 452qGq0JBRz4xFg1 X-Spamd-Result: default: False [0.59 / 11.00]; ARC_NA(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[2.13.198.178.zen.spamhaus.org : 127.0.0.11]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:195.186.227.0/24]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[bluewin.ch]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[mx-v01.bluewin.ch,mx-v02.bluewin.ch,mxbw.lb.bluewin.ch]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:3303, ipnet:195.186.0.0/16, country:CH]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[120.227.186.195.list.dnswl.org : 127.0.5.1] X-Rspamd-Server: mail01.i.ipfire.org Cc: development@lists.ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
BUG 11696: VPN Subnets missing from wpad.dat
|
|
Commit Message
Oliver Fuhrer
May 14, 2019, 4:33 a.m. UTC
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. --- Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the issue. As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
Comments
Hi Oliver, I am afraid I wasn’t able to apply this patch either: [root@ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128 I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. Did you develop this on top of the next branch or did you add your changes to an older version of the file? Best, -Michael > On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer@bluewin.ch> wrote: > > This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > subnets to wpad.dat so they don't pass through the proxy. > --- > Hi All > Apologies for the line-wrapping mess with the previous attempt. > Looks like Outlook isn't up for the task. > This Message is now sent directly via git, which should hopefully fix the issue. > > As I currently don't have any OpenVPN n2n connections, I could not > fully test this part, however some dry-runs looked rather promising > > > html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..e7ee1f3 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -2738,6 +2738,10 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; > @@ -2763,6 +2767,26 @@ END > print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- > 1.8.3.1 >
Hi Michael Sorry for wasting your time with that patch. The patch was created against master branch which was up to date in my repo. I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi. Let me know whether I should give this one a try. Regards Oliver -----Original Message----- From: Michael Tremer <michael.tremer@ipfire.org> Sent: Friday, May 17, 2019 23:33 To: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> Cc: development@lists.ipfire.org Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat Hi Oliver, I am afraid I wasn’t able to apply this patch either: [root@ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128 I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. Did you develop this on top of the next branch or did you add your changes to an older version of the file? Best, -Michael > On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer@bluewin.ch> wrote: > > This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > subnets to wpad.dat so they don't pass through the proxy. > --- > Hi All > Apologies for the line-wrapping mess with the previous attempt. > Looks like Outlook isn't up for the task. > This Message is now sent directly via git, which should hopefully fix the issue. > > As I currently don't have any OpenVPN n2n connections, I could not > fully test this part, however some dry-runs looked rather promising > > > html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..e7ee1f3 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -2738,6 +2738,10 @@ sub write_acls > > sub writepacfile > { > + my %vpnconfig=(); > + my %ovpnconfig=(); > + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); > open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > flock(FILE, 2); > print FILE "function FindProxyForURL(url, host)\n"; > @@ -2763,6 +2767,26 @@ END > print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; > } > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $vpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > + > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { > + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > + foreach my $network (@networks) { > + my ($vpnip, $vpnsub) = split("/", $network); > + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; > + } > + } > + } > print FILE <<END > (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > -- > 1.8.3.1 >
Hi Oliver, > On 18 May 2019, at 00:50, Oliver Fuhrer <oliver.fuhrer@bluewin.ch> wrote: > > Hi Michael > > Sorry for wasting your time with that patch. LOL No worries. The main thing is we are getting this right. The good news is that it applied. There were just genuine conflicts with the other changes. > The patch was created against master branch which was up to date in my repo. > I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi. > > Let me know whether I should give this one a try. If you have applied your changes to the new version of the file and tested them, you can send a third version of the file. Best, -Michael > > Regards > Oliver > > -----Original Message----- > From: Michael Tremer <michael.tremer@ipfire.org> > Sent: Friday, May 17, 2019 23:33 > To: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> > Cc: development@lists.ipfire.org > Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat > > Hi Oliver, > > I am afraid I wasn’t able to apply this patch either: > > [root@ipfire ipfire-2.x]# pwclient git-am -s 2251 > Applying patch #2251 using "git am -s" > Description: BUG 11696: VPN Subnets missing from wpad.dat > Applying: BUG 11696: VPN Subnets missing from wpad.dat > error: patch failed: html/cgi-bin/proxy.cgi:2763 > error: html/cgi-bin/proxy.cgi: patch does not apply > Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat > The copy of the patch that failed is found in: .git/rebase-apply/patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > 'git am' failed with exit status 128 > > I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. > > Did you develop this on top of the next branch or did you add your changes to an older version of the file? > > Best, > -Michael > >> On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer@bluewin.ch> wrote: >> >> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n >> subnets to wpad.dat so they don't pass through the proxy. >> --- >> Hi All >> Apologies for the line-wrapping mess with the previous attempt. >> Looks like Outlook isn't up for the task. >> This Message is now sent directly via git, which should hopefully fix the issue. >> >> As I currently don't have any OpenVPN n2n connections, I could not >> fully test this part, however some dry-runs looked rather promising >> >> >> html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ >> 1 file changed, 24 insertions(+) >> >> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi >> index 6daa7fb..e7ee1f3 100644 >> --- a/html/cgi-bin/proxy.cgi >> +++ b/html/cgi-bin/proxy.cgi >> @@ -2738,6 +2738,10 @@ sub write_acls >> >> sub writepacfile >> { >> + my %vpnconfig=(); >> + my %ovpnconfig=(); >> + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); >> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); >> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); >> flock(FILE, 2); >> print FILE "function FindProxyForURL(url, host)\n"; >> @@ -2763,6 +2767,26 @@ END >> print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; >> } >> >> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { >> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { >> + my @networks = split(/\|/, $vpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; >> + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> + >> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { >> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { >> + my @networks = split(/\|/, $ovpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> print FILE <<END >> (isInNet(host, "169.254.0.0", "255.255.0.0")) >> ) >> -- >> 1.8.3.1 >> > >
Hi Michael > > Hi Oliver, > > > On 18 May 2019, at 00:50, Oliver Fuhrer <oliver.fuhrer@bluewin.ch> wrote: > > > > Hi Michael > > > > Sorry for wasting your time with that patch. > > LOL No worries. The main thing is we are getting this right. > > The good news is that it applied. There were just genuine conflicts with the > other changes. > > > The patch was created against master branch which was up to date in my > repo. > > I have now created a new one based on the next branch. Looks like there > have been quite some changes to proxy.cgi. > > > > Let me know whether I should give this one a try. > > If you have applied your changes to the new version of the file and tested > them, you can send a third version of the file. Thanks, I just sent in another version of the patch which was created against next branch and tested it on a fresh build. Regards Oliver > > Best, > -Michael > > > > > Regards > > Oliver > > > > -----Original Message----- > > From: Michael Tremer <michael.tremer@ipfire.org> > > Sent: Friday, May 17, 2019 23:33 > > To: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> > > Cc: development@lists.ipfire.org > > Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat > > > > Hi Oliver, > > > > I am afraid I wasn’t able to apply this patch either: > > > > [root@ipfire ipfire-2.x]# pwclient git-am -s 2251 > > Applying patch #2251 using "git am -s" > > Description: BUG 11696: VPN Subnets missing from wpad.dat > > Applying: BUG 11696: VPN Subnets missing from wpad.dat > > error: patch failed: html/cgi-bin/proxy.cgi:2763 > > error: html/cgi-bin/proxy.cgi: patch does not apply > > Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat > > The copy of the patch that failed is found in: .git/rebase-apply/patch > > When you have resolved this problem, run "git am --continue". > > If you prefer to skip this patch, run "git am --skip" instead. > > To restore the original branch and stop patching, run "git am --abort". > > 'git am' failed with exit status 128 > > > > I tried to run a three-way merge, but there is literally a chunk of the file > that wasn’t there before it seems. > > > > Did you develop this on top of the next branch or did you add your changes > to an older version of the file? > > > > Best, > > -Michael > > > >> On 13 May 2019, at 19:33, Oliver Fuhrer <oliver.fuhrer@bluewin.ch> > wrote: > >> > >> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > >> subnets to wpad.dat so they don't pass through the proxy. > >> --- > >> Hi All > >> Apologies for the line-wrapping mess with the previous attempt. > >> Looks like Outlook isn't up for the task. > >> This Message is now sent directly via git, which should hopefully fix the > issue. > >> > >> As I currently don't have any OpenVPN n2n connections, I could not > >> fully test this part, however some dry-runs looked rather promising > >> > >> > >> html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ > >> 1 file changed, 24 insertions(+) > >> > >> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > >> index 6daa7fb..e7ee1f3 100644 > >> --- a/html/cgi-bin/proxy.cgi > >> +++ b/html/cgi-bin/proxy.cgi > >> @@ -2738,6 +2738,10 @@ sub write_acls > >> > >> sub writepacfile > >> { > >> + my %vpnconfig=(); > >> + my %ovpnconfig=(); > >> + &General::readhasharray("${General::swroot}/vpn/config", > \%vpnconfig); > >> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > \%ovpnconfig); > >> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > >> flock(FILE, 2); > >> print FILE "function FindProxyForURL(url, host)\n"; > >> @@ -2763,6 +2767,26 @@ END > >> print FILE " (isInNet(host, > \"$netsettings{'ORANGE_NETADDRESS'}\", > \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; > >> } > >> > >> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > >> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > 'host') { > >> + my @networks = split(/\|/, $vpnconfig{$key}[11]); > >> + foreach my $network (@networks) { > >> + my ($vpnip, $vpnsub) = split("/", $network); > >> + $vpnsub = > &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > >> + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > >> + } > >> + } > >> + } > >> + > >> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > >> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne > 'host') { > >> + my @networks = split(/\|/, $ovpnconfig{$key}[11]); > >> + foreach my $network (@networks) { > >> + my ($vpnip, $vpnsub) = split("/", $network); > >> + print FILE " (isInNet(host, \"$vpnip\", > \"$vpnsub\")) ||\n"; > >> + } > >> + } > >> + } > >> print FILE <<END > >> (isInNet(host, "169.254.0.0", "255.255.0.0")) > >> ) > >> -- > >> 1.8.3.1 > >> > > > >
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )