diff options
| author | jim-p <jimp@pfsense.org> | 2010-11-19 10:44:54 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-11-19 10:44:54 -0500 |
| commit | e39243843f16d4c8908bf0726e68e65887774f0d (patch) | |
| tree | d2c4e118ac12f42475efdbf83275b5c12e5b7967 /etc/inc/openvpn.inc | |
| parent | 5708241f9545924e07c820deecae5455354a6cbc (diff) | |
| download | pfsense-e39243843f16d4c8908bf0726e68e65887774f0d.zip pfsense-e39243843f16d4c8908bf0726e68e65887774f0d.tar.gz | |
Reorder some code and combine the nobind test with the lport code to ensure only the needed options are used in any given combination.
Diffstat (limited to 'etc/inc/openvpn.inc')
| -rw-r--r-- | etc/inc/openvpn.inc | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 6d3062c..0863b1a 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -445,19 +445,19 @@ function openvpn_reconfigure($mode,& $settings) { break; } - // The port we'll listen at - // If local_port is used, bind the management port - $lport = ($settings['local_port']) ? $settings['local_port'] : "0"; - $conf .= "lport {$lport}\n"; + // If there is no bind option at all (ip and/or port), add "nobind" directive + // Otherwise, use the local port if defined, failing that, use lport 0 to + // ensure a random source port. + if ((empty($iface_ip)) && (!$settings['local_port'])) + $conf .= "nobind\n"; + elseif ($settings['local_port']) + $conf .= "lport {$settings['local_port']}\n"; + else + $conf .= "lport 0\n"; // Use unix socket to overcome the problem on any type of server $conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n"; - // If there is no bind option at all (ip and/or port), add "nobind" directive - if ((empty($iface_ip)) && (!$settings['local_port'])) { - $conf .= "nobind\n"; - } - // The remote server $conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n"; |
