author | Scott Ullrich <sullrich@pfsense.org> | 2006-01-30 02:25:00 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-01-30 02:25:00 +0000 |
commit | 4f8e387ddd4cb91d86fdf6f32558d66527338f2a (patch) | |
tree | 64ab88429aa0bc8c05885a11de2452d7f16ec2d9 /etc | |
parent | 989c7b5715e51ea5398181bff765c7e21bad6e03 (diff) | |
OpenVPN cleanups by mposch@gmail.com
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/globals.inc | 7 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 16 | ||||
-rw-r--r-- | etc/inc/util.inc | 3 | ||||
-rwxr-xr-x | etc/rc.reload_interfaces | 4 |
5 files changed, 27 insertions, 8 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8dee84a..7c358b6 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -249,7 +249,8 @@ function filter_generate_aliases() { $bridgetracker = 0; foreach ($ifdescrs as $ifdescr => $ifname) { /* do not process tun interfaces */ - if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue; + /* do process tun interfaces for openvpn compatibility */ + /* if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue; */ $aliases .= filter_get_opt_interface_descr($ifname) . " = \"{ " . filter_opt_interface_to_real($ifname); if($config['interfaces'][$ifname]['bridge'] <> "") { $aliases .= " bridge{$bridgetracker} "; @@ -2194,4 +2195,4 @@ function return_vpn_subnet($adr) { return " # error - {$adr['network']} "; } -?>
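Review bot: In filter_generate_aliases() the context comment `/* do not process tun interfaces */` stays directly above the new `/* do process tun interfaces for openvpn compatibility */`, and the old skip is kept as commented-out code, so the loop now carries two contradictory comments plus a dead line. I would delete the stale comment and the commented-out `if`, and keep a single comment that states the consequence, e.g. `/* tun interfaces get an alias too, so OpenVPN tunnels can be used in rules */`. Every entry in `$ifdescrs` whose real name contains "tun" now gets an alias line in the generated ruleset, so it is worth confirming that a tun interface which is assigned but not yet created at rule-load time does not make the ruleset fail to load; that cannot be judged from this hunk. The function body starts and ends outside the hunk.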
\ No newline at end of file +?> diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 3caea66..59096cf 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -72,5 +72,10 @@ $iptos = array("lowdelay", "throughput", "reliability", "congestion"); /* TCP flags */ $tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg"); +/* OpenVPN Directories */ +$d_ovpnsrvdirty_path = "/tmp/ovpn-srv.dirty"; +$d_ovpncrldirty_path = "/tmp/ovpn-crl.dirty"; +$d_ovpnclidirty_path = "/tmp/ovpn-cli.dirty"; -?>
\ No newline at end of file + +?> diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 52a5851..4bdac0c 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -104,6 +104,12 @@ function ovpn_config_server($reconfigure) { /* next server */ continue; } + /* restart openvpn daemon if pf is restarted, but not on boot, hence the else if */ + else if ( $reconfigure == "pfreload") { + ovpn_server_kill($tun); + mwexec("/usr/local/sbin/openvpn {$g['varetc_path']}/ovpn_srv_{$tun}.conf"); + continue; + } /* send SIGUSR1 to running openvpn daemon */ if ( $reconfigure == "true" && isset($server['dynip'])) { @@ -181,6 +187,9 @@ function ovpn_srv_config_generate($id) { global $config, $g; $server = $config['ovpn']['server']['tunnel'][$id]; + /* mount filesystem for read/write */ + conf_mount_rw(); + /* get tunnel interface */ $tun = $server['tun_iface']; @@ -434,6 +443,9 @@ EOD; fwrite($fd, $ovpn_config); fclose($fd); + /* return from filesystem read/write mode and mount read-only */ + conf_mount_ro(); + //trigger_error("OVPN: $ovpn_config", E_USER_NOTICE); } @@ -768,7 +780,7 @@ function ovpn_crl_dirty($name) { function ovpn_config_client() { /* Boot time configuration */ - global $config, $g, $d_ovpnclidirty_path;; + global $config, $g, $d_ovpnclidirty_path; foreach ($config['ovpn']['client']['tunnel'] as $id => $client) { @@ -1484,4 +1496,4 @@ function ovpn_unlock() { unlink($lockfile); } -?>
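Review bot: The three new dirty-flag paths in globals.inc are fixed, predictable names directly under `/tmp`, and the comment above them says "OpenVPN Directories" although each value names a single file. If any non-root process can write to `/tmp` on the target system, it could pre-create or remove these markers and so influence whether OpenVPN configuration is treated as pending; how the flags are created and checked is not visible in this hunk, so that needs confirming against the callers. I would at least correct the comment to `/* OpenVPN dirty-flag files (server, CRL, client) */` and consider keeping the flags in a directory that only root can write to.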
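Review bot: The new `pfreload` branch in ovpn_config_server() compares with `==`, so a caller that passes boolean `true` for `$reconfigure` would also match it (`true == "pfreload"` is true in PHP) and get a full kill-and-restart instead of reaching the SIGUSR1 branch below; `else if ($reconfigure === "pfreload") {` avoids that. The restart command also interpolates `$tun` into the shell string given to `mwexec()`, and whether the tunnel interface name is validated when it is saved is not visible here, so quoting the path is the safer form: `mwexec("/usr/local/sbin/openvpn " . escapeshellarg("{$g['varetc_path']}/ovpn_srv_{$tun}.conf"));`. The result of `mwexec()` is ignored, so a daemon that does not come back after `ovpn_server_kill($tun)` leaves the tunnel down without any log entry. The function starts and ends outside the hunk.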
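Review bot: The `conf_mount_rw()` added at the top of ovpn_srv_config_generate() is balanced only by the `conf_mount_ro()` added after `fclose($fd)` in the later hunk at new line 443, so any early return or failed open in the roughly 250 lines between them would leave the filesystem mounted read-write. Most of that body is outside the diff, so this has to be checked against the full function; if there are other exit paths, call `conf_mount_ro()` on each of them or narrow the read-write window to the `fwrite()`/`fclose()` pair. A short comment naming the file that actually needs the read-write mount would also help the next reader decide whether the remount is required at all.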
\ No newline at end of file +?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 254211d..3774090 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -262,7 +262,6 @@ function get_interface_list($mode = "active", $keyby = "physical", $vfaces = "") 'lo', 'ng', 'vlan', - 'tun', 'pflog', 'pfsync', 'carp' @@ -519,4 +518,4 @@ function xml_safe_fieldname($fieldname) { return strtolower(str_replace($replace, "", $fieldname)); } -?>
\ No newline at end of file +?> diff --git a/etc/rc.reload_interfaces b/etc/rc.reload_interfaces index 783af5c..108efd1 100755 --- a/etc/rc.reload_interfaces +++ b/etc/rc.reload_interfaces @@ -31,8 +31,10 @@ require_once("config.inc"); require_once("filter.inc"); +require_once("openvpn.inc"); reload_interfaces_sync(); filter_configure_sync(); +ovpn_config_server("pfreload"); -?>
\ No newline at end of file +?> |
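Review bot: `ovpn_config_server("pfreload")` is called unconditionally after `filter_configure_sync()` in rc.reload_interfaces, so every run of this script kills and restarts each OpenVPN server that reaches the new `pfreload` branch and disconnects its clients, even when no tunnel setting changed. If that is intended, a comment at the call should say so, e.g. `/* pf reload: restart all OpenVPN servers (disconnects connected clients) */`. It would also be safer to skip the call when `$config['ovpn']['server']['tunnel']` is not an array, unless ovpn_config_server() already guards against that; its loop header is not visible in this diff.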