diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 16eb7055b15..008d1e363bb 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -964,7 +964,11 @@ function ipsec_write_strongswan_conf()
 if (!empty($net_list)) {
 $net_list_str = implode(",", $net_list);
 $strongswanTree['charon']['plugins']['attr']['subnet'] = $net_list_str;
- $strongswanTree['charon']['plugins']['attr']['split-include'] = $net_list_str;
+ if(!empty($a_client['net_list_explicit'])) {
+ $strongswanTree['charon']['plugins']['attr']['split-include'] = $a_client['net_list_explicit'];
+ } else {
+ $strongswanTree['charon']['plugins']['attr']['split-include'] = $net_list_str;
+ }
 }
 $cfgservers = [];
 foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $dns_server) {
diff --git a/src/www/vpn_ipsec_mobile.php b/src/www/vpn_ipsec_mobile.php
index 9210dc493a0..23ea88e2187 100644
--- a/src/www/vpn_ipsec_mobile.php
+++ b/src/www/vpn_ipsec_mobile.php
@@ -37,7 +37,7 @@
 // define formfields
 $form_fields = "user_source,local_group,radius_source,pool_address,pool_netbits,pool_address_v6,pool_netbits_v6,net_list
-,save_passwd,dns_domain,dns_split,dns_server1,dns_server2,dns_server3
+,net_list_explicit,save_passwd,dns_domain,dns_split,dns_server1,dns_server2,dns_server3
 ,dns_server4,wins_server1,wins_server2,pfs_group,login_banner";
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
@@ -66,6 +66,9 @@
 if (isset($config['ipsec']['client']['net_list'])) {
 $pconfig['net_list'] = true;
 }
+ if (isset($config['ipsec']['client']['net_list_explicit'])) {
+ $pconfig['net_list_explicit'] = $config['ipsec']['client']['net_list_explicit'];
+ }
 if (isset($config['ipsec']['client']['save_passwd'])) {
 $pconfig['save_passwd'] = true;
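Review bot: In ipsec_write_strongswan_conf() (first hunk, src/etc/inc/plugins.inc.d/ipsec.inc) the new branch copies `$a_client['net_list_explicit']` into `split-include` exactly as stored, so the only check on what reaches the strongSwan configuration is the form validation in vpn_ipsec_mobile.php. A value that gets into the configuration by another route (presumably a restored or hand-edited config) is never checked here, and a list the form accepted with spaces as separators is written out with those spaces. I would rebuild the value at write time from tokens that pass the subnet check and join them with commas, assuming `is_subnet()` is in scope in this file: `$explicit = array_filter(preg_split('/[ ,]+/', (string)$a_client['net_list_explicit']), 'is_subnet');` and then assign `!empty($explicit) ? implode(',', $explicit) : $net_list_str`. The function body continues outside the hunk, so how `$strongswanTree` is serialised is not visible from here.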
@@ -142,11 +145,21 @@
 $input_errors[] = gettext("A valid IP address for 'WINS Server #2' must be specified.");
 }
+ if (!empty($pconfig['net_list_explicit'])) {
+ $net_list_array=preg_split("/[ ,]+/", $pconfig['net_list_explicit']);
+ foreach ($net_list_array as $curr_cidr) {
+ if (!is_subnet($curr_cidr)) {
+ $input_errors[] = gettext("A valid network list of accessible networks must be specified.");
+ break;
+ }
+ }
+ }
+
 if (count($input_errors) == 0) {
 $client = array();
 $copy_fields = "user_source,local_group,radius_source,pool_address,pool_netbits,pool_address_v6,
 pool_netbits_v6,dns_domain,dns_server1,dns_server2,dns_server3,dns_server4,wins_server1,wins_server2
- ,dns_split,pfs_group,login_banner";
+ ,dns_split,pfs_group,login_banner,net_list_explicit";
 foreach (explode(",", $copy_fields) as $fieldname) {
 $fieldname = trim($fieldname);
 if (!empty($pconfig[$fieldname])) {
@@ -199,6 +212,7 @@
 pool_change();
 pool_v6_change();
 dns_domain_change();
+ net_list_change();
 dns_split_change();
 dns_server_change();
 wins_server_change();
@@ -250,6 +264,19 @@ function dns_domain_change() {
 }
 }
+function net_list_change() {
+ if (document.iform.net_list_enable.checked){
+ document.iform.net_list_explicit.disabled = 0;
+ $("#net_list_explicit").addClass('show');
+ $("#net_list_explicit").removeClass('hidden');
+ } else {
+ document.iform.net_list_explicit.disabled = 1;
+ $("#net_list_explicit").addClass('hidden');
+ $("#net_list_explicit").removeClass('show');
+ }
+
+}
+
 function dns_split_change() {
 if (document.iform.dns_split_enable.checked){
@@ -493,10 +520,14 @@ function print_legacy_box($msg, $name, $value)
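Review bot: The new check in the POST handler (hunk at -142,11) validates the tokens produced by `preg_split("/[ ,]+/", ...)`, but `$copy_fields` then saves the raw string, so the value that is stored is not the value that was validated; a space-separated list passes and is kept with its spaces. Saving the normalised form closes that gap, for example `$pconfig['net_list_explicit'] = implode(',', $net_list_array);` once the loop has finished without an error. The field is also copied whenever it is non-empty, and the only thing tying it to `net_list_enable` in the visible code is net_list_change(), which disables the input in the browser; the handler should drop the value itself when that checkbox is not set (how it treats `net_list_enable` is outside this hunk). The error text would help more if it named the field and the expected format, CIDR networks separated by commas.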