openvpn: check ipv4 tunnel prefix. v2 (#5114)

* wizard.inc: check ipv4 tunnel prefix
* vpn_openvpn_server.php: check ipv4 tunnel prefix
kulikov-a 2021-07-22 10:02:55 +03:00 committed by GitHub
parent be90cf00a6
commit 35b373407c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions


@ -440,6 +440,12 @@ function step10_submitphpaction()
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], gettext('IPv4 Tunnel Network'), false, 'ipv4')) {
$input_errors[] = $result;
} elseif (!empty($_POST['tunnelnet'])) {
// Check IPv4 tunnelnet pool size. Wizard makes tun mode with net30 server only.
list($ipv4tunnel_base, $ipv4tunnel_prefix) = explode('/',trim($_POST['tunnelnet']));
if ($ipv4tunnel_prefix > 28) {
$input_errors[] = gettext('A prefix longer than 28 cannot be used with a net30 topology.');
}
}
if ($result = openvpn_validate_cidr($_POST['tunnelnetv6'], gettext('IPv6 Tunnel Network'), false, 'ipv6')) {
@ -770,7 +776,7 @@ function step12_submitphpaction()
if (strpos($proto, '4') !== false) {
$rule['protocol'] = substr($proto, 0, -1);
$rule['ipprotocol'] = "inet";
} elseif (strpos($proto, '6') !== false) {
} elseif (strpos($proto, '6') !== false) {
$rule['protocol'] = substr($proto, 0, -1);
$rule['ipprotocol'] = "inet6";
} else {
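Review bot: In the new tunnelnet check in step10_submitphpaction(), the prefix comes straight from `explode('/', ...)` on request input and is compared as a string, with nothing confirming that a second element exists. A value without a `/` would raise an undefined-offset notice and skip the size test; whether openvpn_validate_cidr() already rejects that form is not visible here. I would make the check self-contained with `$parts = explode('/', trim($_POST['tunnelnet']), 2);` and `if (count($parts) === 2 && (int)$parts[1] > 28) {`, which also drops the unused `$ipv4tunnel_base`. The same parsing is repeated on `$pconfig['tunnel_network']` in the vpn_openvpn_server.php hunk. The function body continues outside the hunk.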


@ -202,6 +202,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], gettext('IPv4 Tunnel Network'), false, 'ipv4')) {
$input_errors[] = $result;
} elseif (!empty($pconfig['tunnel_network'])) {
// Check IPv4 tunnel_network pool size
list($ipv4tunnel_base, $ipv4tunnel_prefix) = explode('/',trim($pconfig['tunnel_network']));
if ($pconfig['dev_mode'] == "tun") {
if ($ipv4tunnel_prefix > 28 && empty($pconfig['topology_subnet'])) {
$input_errors[] = gettext('A prefix longer than 28 cannot be used with a net30 topology.');
} elseif ($ipv4tunnel_prefix > 29 && !empty($pconfig['topology_subnet'])) {
$input_errors[] = gettext('A prefix longer than 29 cannot be used for tunnel network.');
}
} elseif ($pconfig['dev_mode'] == "tap" && $ipv4tunnel_prefix > 29) {
$input_errors[] = gettext('A prefix longer than 29 cannot be used for tunnel network.');
}
}
if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], gettext('IPv6 Tunnel Network'), false, 'ipv6')) {
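Review bot: The tun/tap branching in the tunnel_network check repeats the 29 limit and its message in two places, and it leaves any `dev_mode` other than "tun" or "tap" without a size check. Whether dev_mode is restricted to those two values earlier is not visible in this hunk. Computing the limit once reads more directly, e.g. `$max_prefix = ($pconfig['dev_mode'] == "tun" && empty($pconfig['topology_subnet'])) ? 28 : 29;` followed by a single comparison, using the net30 message when the limit is 28. The rule now lives in both wizard.inc and this page, so a shared helper next to openvpn_validate_cidr() would keep the two copies from drifting. The enclosing block starts and ends outside the hunk.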