authorjim-p <jimp@pfsense.org>2016-08-01 11:43:03 -0400
committerjim-p <jimp@pfsense.org>2016-08-01 11:45:28 -0400
commitf003f8db0eaba3837c0e2d2566181a51689a3107 (patch)
tree65b48af46249c7897e61d10e2b1cea9dbb1935f5
parentbfbfa4dd254c110db4122925d0a3716a34d4c664 (diff)
Some small improvements to OpenVPN server handling when using CARP VIPs in Gateway Groups. Might help with issue #6607
-rw-r--r--src/etc/inc/openvpn.inc4
-rwxr-xr-xsrc/etc/rc.carpbackup15
-rwxr-xr-xsrc/etc/rc.carpmaster15
3 files changed, 28 insertions, 6 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index f9093eb..91dc59e 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1100,8 +1100,8 @@ function openvpn_restart($mode, $settings) {
return;
}
- /* Do not start a client if we are a CARP backup on this vip! */
- if (($mode == "client") && (strstr($settings['interface'], "_vip") && get_carp_interface_status($settings['interface']) != "MASTER")) {
+ /* Do not start an instance if we are not CARP master on this vip! */
+ if (strstr($settings['interface'], "_vip") && get_carp_interface_status($settings['interface']) != "MASTER") {
return;
}
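Review bot: The widened guard still tests only the literal `$settings['interface']`, so a server bound to a gateway group that resolves to a CARP VIP is not covered by it, even though rc.carpbackup and rc.carpmaster in this commit resolve the group to its VIP before calling `openvpn_restart()`. If the part of the function outside this hunk stops the running instance before this check and starts it afterwards, a gateway-group server on a node that has just become backup would presumably be brought back up rather than left stopped. Resolving the group to its VIP here as well would keep the three files in agreement. Separately, `strstr()` matches `_vip` anywhere in the name while the rc scripts use a prefix test; `substr($settings['interface'], 0, 4) == '_vip'` would make the checks identical.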
diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup
index a1b3a8e..b537411 100755
--- a/src/etc/rc.carpbackup
+++ b/src/etc/rc.carpbackup
@@ -81,9 +81,20 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $settings) {
+ if (substr($settings['interface'], 0, 4) == '_vip') {
+ $openvpn_vip = $settings['interface'];
+ } else if (is_array($a_groups[$settings['interface']])) {
+ // interface is a gateway group, check CARP VIP
+ if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+ $openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+ }
+ } else {
+ // this OpenVPN instance not on a CARP IP
+ continue;
+ }
foreach ($vips as $vip) {
- if ($settings['interface'] == "_vip{$vip['uniqid']}") {
- log_error("Stopping OpenVPN instance on {$friendly_descr} because of transition to CARP backup.");
+ if ($openvpn_vip == "_vip{$vip['uniqid']}") {
+ log_error("Stopping OpenVPN server instance on {$friendly_descr} because of transition to CARP backup.");
openvpn_restart('server', $settings);
}
}
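Review bot: `$openvpn_vip` is never reset at the top of the `foreach ($config['openvpn']['openvpn-server'] as $settings)` body, and the gateway-group branch assigns it only when the first group entry's `vip` starts with `_vip`. When that inner test fails, execution falls through to the `foreach ($vips as $vip)` loop with the value left over from the previous server (or an undefined variable on the first pass), so a server that is not on a CARP VIP can match another instance's VIP and be restarted. Add `$openvpn_vip = null;` as the first statement of the loop body and `continue` if it is still null after the branch. The identical block added to rc.carpmaster needs the same change; `$a_groups` and `$vips` are defined outside the hunk.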
diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster
index 0b355cc..d536948 100755
--- a/src/etc/rc.carpmaster
+++ b/src/etc/rc.carpmaster
@@ -80,9 +80,20 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
}
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $settings) {
+ if (substr($settings['interface'], 0, 4) == '_vip') {
+ $openvpn_vip = $settings['interface'];
+ } else if (is_array($a_groups[$settings['interface']])) {
+ // interface is a gateway group, check CARP VIP
+ if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+ $openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+ }
+ } else {
+ // this OpenVPN instance not on a CARP IP
+ continue;
+ }
foreach ($vips as $vip) {
- if ($settings['interface'] == "_vip{$vip['uniqid']}") {
- log_error("Starting OpenVPN instance on {$friendly_descr} because of transition to CARP master.");
+ if ($openvpn_vip == "_vip{$vip['uniqid']}") {
+ log_error("Starting OpenVPN server instance on {$friendly_descr} because of transition to CARP master.");
openvpn_restart('server', $settings);
}
}
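Review bot: The `[0]` index on `$a_groups[$settings['interface']]` is unexplained, so a reader cannot tell why only the first entry of the gateway group decides whether the server follows a CARP VIP. A comment above the inner test would help, for example `// only the first entry of the gateway group is checked for a CARP VIP; other entries are ignored`. If `$a_groups` (built outside this hunk) is not ordered so that the first entry is the one in use, a group whose CARP VIP sits on a later entry would be skipped without any log line. The same applies to the identical block in rc.carpbackup.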