diff options
author | Phil Davis <phil.davis@inf.org> | 2015-04-11 18:28:09 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-04-11 18:28:09 +0545 |
commit | e27bc6cfe5f2a3a9eb13f75b6ce5611ae5f4f545 (patch) | |
tree | 85ed34720c2bc64d46ab3dfff6f7e1fafb8fd8d1 /etc/inc/openvpn.inc | |
parent | 986e77a2eab30201b2820294e73f35536b00408a (diff) | |
download | pfsense-e27bc6cfe5f2a3a9eb13f75b6ce5611ae5f4f545.zip pfsense-e27bc6cfe5f2a3a9eb13f75b6ce5611ae5f4f545.tar.gz |
Fix OpenVPN server listening on associated IPv6 address
As reported in forum https://forum.pfsense.org/index.php?topic=92174.0
If the ordinary interface is selected for an OpenVPN server and an IPV6 protocol is selected (e.g. UDP6) then al is good, the "local" line in the server1.conf is written with the primary IPv6 address of the interface.
If the interface has other associated VIPs (e.g. a CARP VIP) and the related IPv6 entry is selected as the OpenVPN server interface, then the "local" line was being omitted from server1.conf
Regardless of the IP address family, vpn_openvpn_server.php always writes the associated IP address into the settings key 'ipaddr' - which looks like a good and reasonable thing - we only want 1 IP address of some flavor to be remembered here.
This changes fixes openvpn.inc so it understands that $settings['ipaddr'] can be IPv4 or IPv6 as does the appropriate stuff with it.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 99b039f..927a3ec 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -519,8 +519,8 @@ function openvpn_reconfigure($mode, $settings) { $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; $interface = get_failover_interface($settings['interface']); + // The IP address in the settings can be an IPv4 or IPv6 address associated with the interface $ipaddr = $settings['ipaddr']; - $ipaddrv6 = $settings['ipaddrv6']; // If a specific ip address (VIP) is requested, use it. // Otherwise, if a specific interface is requested, use it @@ -532,8 +532,8 @@ function openvpn_reconfigure($mode, $settings) { $iface_ip=get_interface_ip($interface); } } - if (is_ipaddrv6($ipaddrv6)) { - $iface_ipv6=$ipaddrv6; + if (is_ipaddrv6($ipaddr)) { + $iface_ipv6=$ipaddr; } else { if ((!empty($interface)) && (strcmp($interface, "any"))) { $iface_ipv6=get_interface_ipv6($interface); |