summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2012-12-03 11:08:54 -0500
committerjim-p <jimp@pfsense.org>2012-12-03 11:08:54 -0500
commita0e3ee984e2654511b5af1746e538184d1e1ff55 (patch)
treee553128fd8778c5003e2245c1f6992be03758210 /etc
parent17cf3d1783a43de1037744f981f2503acd50e047 (diff)
downloadpfsense-a0e3ee984e2654511b5af1746e538184d1e1ff55.zip
pfsense-a0e3ee984e2654511b5af1746e538184d1e1ff55.tar.gz
Use the IPv6 tunnel network for peer to peer OpenVPN modes.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/openvpn.inc28
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 5dcd509..43f9734 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -421,6 +421,8 @@ function openvpn_reconfigure($mode, $settings) {
if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
$conf .= "server {$ip} {$mask}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ if(is_ipaddr($ipv6))
+ $conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
}
case 'p2p_shared_key':
if (!empty($ip) && !empty($mask)) {
@@ -432,6 +434,18 @@ function openvpn_reconfigure($mode, $settings) {
else
$conf .= "ifconfig {$ip1} {$mask}\n";
}
+ if (!empty($ipv6) && !empty($prefix)) {
+ $basev6 = gen_subnetv6($ipv6, $prefix);
+ // Is there a better way to do this math?
+ $ipv6_arr = explode(':', $basev6);
+ $last = hexdec(array_pop($ipv6_arr));
+ $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1));
+ $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2));
+ if ($settings['dev_mode'] == 'tun')
+ $conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n";
+ else
+ $conf .= "ifconfig {$ipv6_1} {$prefix}\n";
+ }
break;
case 'server_tls':
case 'server_user':
@@ -582,6 +596,20 @@ function openvpn_reconfigure($mode, $settings) {
$conf .= "ifconfig {$ip2} {$mask}\n";
}
+ if (!empty($settings['tunnel_networkv6'])) {
+ list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
+ $basev6 = gen_subnetv6($ipv6, $prefix);
+ // Is there a better way to do this math?
+ $ipv6_arr = explode(':', $basev6);
+ $last = hexdec(array_pop($ipv6_arr));
+ $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1));
+ $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2));
+ if ($settings['dev_mode'] == 'tun')
+ $conf .= "ifconfig-ipv6 {$ipv6_2} {$ipv6_1}\n";
+ else
+ $conf .= "ifconfig {$ipv6_2} {$prefix}\n";
+ }
+
if ($settings['proxy_addr']) {
$conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}";
if ($settings['proxy_authtype'] != "none") {
OpenPOWER on IntegriCloud