author | jim-p <jimp@pfsense.org> | 2011-06-03 09:20:58 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-03 09:20:58 -0400 |
commit | 5dc6c9102cdc2f9fc464da75bbaef594eebec10a (patch) | |
tree | 8325defddf870612cd22f040a2da9255ecf60cb1 /etc/inc | |
parent | 19cdeb3eda777f37ce89acc81f84346b8b6309d1 (diff) | |
When making a P2P SSL/TLS OpenVPN server, if the given CIDR for the tunnel network is a /30, don't use the OpenVPN server directive. See ticket #1417
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/openvpn.inc | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 7f82975..edd22be 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -367,8 +367,8 @@ function openvpn_reconfigure($mode, $settings) {
 // server specific settings
 if ($mode == 'server') {
- list($ip, $mask) = explode('/', $settings['tunnel_network']);
- $mask = gen_subnet_mask($mask);
+ list($ip, $cidr) = explode('/', $settings['tunnel_network']);
+ $mask = gen_subnet_mask($cidr);
 // configure tls modes
 switch($settings['mode']) {
@@ -383,8 +383,13 @@ function openvpn_reconfigure($mode, $settings) {
 // configure p2p/server modes
 switch($settings['mode']) {
 case 'p2p_tls':
- $conf .= "server {$ip} {$mask}\n";
- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ // If the CIDR is less than a /30, OpenVPN will complain if you try to
+ // use the server directive. It works for a single client without it.
+ // See ticket #1417
+ if ($cidr < 30) {
+ $conf .= "server {$ip} {$mask}\n";
+ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ }
 case 'p2p_shared_key':
 $baselong = ip2long32($ip) & ip2long($mask);
 $ip1 = long2ip32($baselong + 1); |
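Review bot: `$cidr` comes out of `explode('/', $settings['tunnel_network'])` as a string, and nothing in this hunk checks that the setting really has the form address/prefix, yet the second hunk compares it with `30` and writes `$ip` and `$mask` into the generated OpenVPN configuration. If the value is not validated where the setting is saved (not visible here), a missing or non-numeric prefix leaves the later `$cidr < 30` test to PHP's loose string-to-number comparison, and an unexpected `$ip` lands verbatim in the config file. I would reject the instance before building `$conf` when `$ip` is not a valid IPv4 address or the prefix is not an integer in 0–32, and compare against a cast value, `$cidr = (int) $cidr;`. openvpn_reconfigure() starts and ends outside the hunk.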
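Review bot: The guard `if ($cidr < 30)` treats /31 and /32 the same as /30, while the commit message only talks about a /30; execution then falls into `case 'p2p_shared_key':`, where `$baselong + 1` is already outside the tunnel network for a /32. If only a /30 is meant to work without the server directive, the other two prefixes need an explicit rejection before this switch. The added comment says "less than a /30" for what the code implements as a prefix of 30 or more, and the deliberate fall-through is unmarked; I would reword it to `// For a /30 or smaller tunnel network OpenVPN rejects the server directive; a single client works without it.` and add `// fall through to the shared ifconfig setup` before the next case. `client-config-dir` is dropped together with `server`, so client-specific overrides are no longer applied to such tunnels, which the comment should state if that is intended. The switch continues outside the hunk.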