diff options
author | jim-p <jimp@pfsense.org> | 2012-12-03 11:08:54 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-12-03 11:08:54 -0500 |
commit | a0e3ee984e2654511b5af1746e538184d1e1ff55 (patch) | |
tree | e553128fd8778c5003e2245c1f6992be03758210 /etc | |
parent | 17cf3d1783a43de1037744f981f2503acd50e047 (diff) | |
download | pfsense-a0e3ee984e2654511b5af1746e538184d1e1ff55.zip pfsense-a0e3ee984e2654511b5af1746e538184d1e1ff55.tar.gz |
Use the IPv6 tunnel network for peer to peer OpenVPN modes.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/openvpn.inc | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 5dcd509..43f9734 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -421,6 +421,8 @@ function openvpn_reconfigure($mode, $settings) { if (!empty($ip) && !empty($mask) && ($cidr < 30)) { $conf .= "server {$ip} {$mask}\n"; $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + if(is_ipaddr($ipv6)) + $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; } case 'p2p_shared_key': if (!empty($ip) && !empty($mask)) { @@ -432,6 +434,18 @@ function openvpn_reconfigure($mode, $settings) { else $conf .= "ifconfig {$ip1} {$mask}\n"; } + if (!empty($ipv6) && !empty($prefix)) { + $basev6 = gen_subnetv6($ipv6, $prefix); + // Is there a better way to do this math? + $ipv6_arr = explode(':', $basev6); + $last = hexdec(array_pop($ipv6_arr)); + $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1)); + $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2)); + if ($settings['dev_mode'] == 'tun') + $conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n"; + else + $conf .= "ifconfig {$ipv6_1} {$prefix}\n"; + } break; case 'server_tls': case 'server_user': @@ -582,6 +596,20 @@ function openvpn_reconfigure($mode, $settings) { $conf .= "ifconfig {$ip2} {$mask}\n"; } + if (!empty($settings['tunnel_networkv6'])) { + list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']); + $basev6 = gen_subnetv6($ipv6, $prefix); + // Is there a better way to do this math? + $ipv6_arr = explode(':', $basev6); + $last = hexdec(array_pop($ipv6_arr)); + $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1)); + $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2)); + if ($settings['dev_mode'] == 'tun') + $conf .= "ifconfig-ipv6 {$ipv6_2} {$ipv6_1}\n"; + else + $conf .= "ifconfig {$ipv6_2} {$prefix}\n"; + } + if ($settings['proxy_addr']) { $conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}"; if ($settings['proxy_authtype'] != "none") { |