From 0079214dcef8565af7f1df64b3949aa4bcecb328 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 17 Mar 2017 09:01:19 +0100
Subject: [PATCH] openvpn: allow tunnel_network overrides to contain host
 addresses; closes #1476

---
 src/etc/inc/plugins.inc.d/openvpn.inc | 10 +++++-----
 src/www/vpn_openvpn_csc.php           |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc
index 5e46f87f6..e4ce3081d 100644
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@@ -332,7 +332,7 @@ function openvpn_validate_port($value, $name)
     return false;
 }
 
-function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv4")
+function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = 'ipv4', $allow_hosts = false)
 {
     $value = trim($value);
     $error = false;
@@ -346,8 +346,8 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv
     }
 
     foreach ($networks as $network) {
-        if ($ipproto == "ipv4") {
-            $error = !openvpn_validate_cidr_ipv4($network);
+        if ($ipproto == 'ipv4') {
+            $error = !openvpn_validate_cidr_ipv4($network, $allow_hosts);
         } else {
             $error = !openvpn_validate_cidr_ipv6($network);
         }
@@ -363,7 +363,7 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv
     }
 }
 
-function openvpn_validate_cidr_ipv4($value)
+function openvpn_validate_cidr_ipv4($value, $allow_hosts = false)
 {
     $value = trim($value);
     if (!empty($value)) {
@@ -373,7 +373,7 @@ function openvpn_validate_cidr_ipv4($value)
         }
         /* IPv4 case is very strict, cannot be a host address */
         $mask = (0xffffffff << (32 - $mask)) & 0xffffffff;
-        if ((ip2long($ip) & $mask) != ip2long($ip)) {
+        if (!$allow_hosts && (ip2long($ip) & $mask) != ip2long($ip)) {
             return false;
         }
     }
diff --git a/src/www/vpn_openvpn_csc.php b/src/www/vpn_openvpn_csc.php
index 46b29753e..bb05442d0 100644
--- a/src/www/vpn_openvpn_csc.php
+++ b/src/www/vpn_openvpn_csc.php
@@ -127,10 +127,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         exit;
     } else {
         /* perform validations */
-        if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network')) {
+        if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, 'ipv4', true)) {
             $input_errors[] = $result;
         }
-        if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
+        if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, 'ipv6', true)) {
             $input_errors[] = $result;
         }
         if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {