Ticket #826. Convert to unix domain sockets for management interface so we do not have problems when interface is any.

2 files changed, 23 insertions, 8 deletions

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 4606c89..9053c85 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -404,7 +404,9 @@ function openvpn_reconfigure($mode,& $settings) {
 		$conf .= "lport {$settings['local_port']}\n";
 
 		// The management port to listen on
-		$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
+		// Use unix socket to overcome the problem on any type of server
+		$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+		//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
 
 		if ($settings['maxclients'])
 			$conf .= "max-clients {$settings['maxclients']}\n";
@@ -445,7 +447,9 @@ function openvpn_reconfigure($mode,& $settings) {
 		// If local_port is used, bind the management port
 		if ($settings['local_port']) {
 			$conf .= "lport {$settings['local_port']}\n";
-			$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
+			// Use unix socket to overcome the problem on any type of server
+			$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+			//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
 		}
 
 		// If there is no bind option at all (ip and/or port), add "nobind" directive
@@ -709,8 +713,9 @@ function openvpn_resync_all($interface = "") {
 }
 
 function openvpn_get_active_servers() {
+	global $config, $g;
+
 	$servers = array();
-	global $config;
 	if (is_array($config['openvpn']['openvpn-server'])) {
 		foreach ($config['openvpn']['openvpn-server'] as & $settings) {
 	
@@ -726,7 +731,10 @@ function openvpn_get_active_servers() {
 				$server['name'] = "Server {$prot}:{$port}";
 			$server['conns'] = array();
 	
-			$tcpsrv = "tcp://127.0.0.1:{$port}";
+			$vpnid = $settings['vpnid'];
+                        $mode_id = "server{$vpnid}";
+			$server['mgmt'] = $mode_id;
+                        $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
 			$errval;
 			$errstr;
 	
@@ -786,8 +794,9 @@ function openvpn_get_active_servers() {
 }
 
 function openvpn_get_active_clients() {
+	global $config, $g;
+
 	$clients = array();
-	global $config;
 	if (is_array($config['openvpn']['openvpn-client'])) {
 		foreach ($config['openvpn']['openvpn-client'] as & $settings) {
 	
@@ -801,7 +810,10 @@ function openvpn_get_active_clients() {
 			else
 				$client['name'] = "Client {$prot}:{$port}";
 	
-			$tcpcli = "tcp://127.0.0.1:{$port}";
+			$vpnid = $settings['vpnid'];
+        		$mode_id = "client{$vpnid}";
+			$client['mgmt'] = $mode_id;
+			$tcpcli = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
 			$errval;
 			$errstr;
 	
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
index 8ee1eec..9240825 100644
--- a/usr/local/www/status_openvpn.php
+++ b/usr/local/www/status_openvpn.php
@@ -64,7 +64,10 @@ if($_GET['action']) {
 
 
 function kill_client($port, $remipp) {
-	$tcpsrv = "tcp://127.0.0.1:{$port}";
+	global $g;
+
+	//$tcpsrv = "tcp://127.0.0.1:{$port}";
+	$tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock";
 	$errval;
 	$errstr;
 
@@ -173,7 +176,7 @@ include("head.inc"); ?>
 				</td>
 				<td class='list'>
 					<img src='/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif' height='17' width='17' border='0'
-					   onclick="killClient('<?php echo $server['port']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;'
+					   onclick="killClient('<?php echo $server['mgmt']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;'
 					   name='<?php echo "i:{$server['port']}:{$conn['remote_host']}"; ?>'
 					   title='<?=gettext("Kill client connection from"); ?> <?php echo $conn['remote_host']; ?>' alt='' />
 				</td>