diff options
| author | jim-p <jimp@pfsense.org> | 2012-03-06 14:30:41 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-03-06 14:33:12 -0500 |
| commit | 9ea0cb90a6f7685cd29f018895aefbb70e25a5d6 (patch) | |
| tree | d3e1fa1a3aae8bb4a37719d3ab5e259d6a0128d1 /etc/rc.carpbackup | |
| parent | 731de7112a130960e30b1ecfcdd99ba7e5c37df5 (diff) | |
| download | pfsense-9ea0cb90a6f7685cd29f018895aefbb70e25a5d6.zip pfsense-9ea0cb90a6f7685cd29f018895aefbb70e25a5d6.tar.gz | |
Be more intelligent when managing OpenVPN client connections bound to CARP VIPs. If the interface is in BACKUP status, do not start the client. Add a section to rc.carpmaster and rc.carpbackup to trigger this start/stop.
If an OpenVPN client is active on both the master and backup system, they will cause conflicting connections to the server. Servers do not care as they only accept, not initiate.
Diffstat (limited to 'etc/rc.carpbackup')
| -rwxr-xr-x | etc/rc.carpbackup | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/rc.carpbackup b/etc/rc.carpbackup index 68f4e2c..165dd9e 100755 --- a/etc/rc.carpbackup +++ b/etc/rc.carpbackup @@ -32,10 +32,20 @@ require_once("functions.inc"); require_once("config.inc"); require_once("notices.inc"); +require_once("openvpn.inc"); $notificationmsg = "A carp cluster member has resumed the state 'BACKUP'"; notify_via_smtp($notificationmsg); notify_via_growl($notificationmsg); +/* Stop OpenVPN clients running on this VIP, since multiple active OpenVPN clients on a CARP cluster can be problematic. */ +global $config; +foreach ($config['openvpn']['openvpn-client'] as $settings) { + if ($settings['interface'] == $argv[1]) { + log_error("Stopping OpenVPN instance on {$settings['interface']} because of transition to CARP backup."); + openvpn_restart('client', $settings); + } +} + ?>
\ No newline at end of file |
