+ /* In tunnel server mode, check if the subnet matches one in the config file of this node */
+
+ if(tunnelserver) {
+ config_t *cfg;
+ subnet_t *allowed;
+
+ for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) {
+ if(!get_config_subnet(cfg, &allowed))
+ return false;
+
+ if(!subnet_compare(&s, allowed))
+ break;
+
+ free_subnet(allowed);
+ }
+
+ if(!cfg) {
+ logger(LOG_WARNING, _("Unauthorized %s from %s (%s) for %s"),
+ "ADD_SUBNET", c->name, c->hostname, subnetstr);
+ return false;
+ }
+
+ free_subnet(allowed);
+ }
+