author | jim-p <jimp@pfsense.org> | 2012-12-05 17:14:11 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-12-05 17:15:15 -0500 |
commit | 91c44185665abd6522a5ecb156046ab57fdaa295 (patch) | |
tree | 48e5236a21f8b67e46a21fcfbb593258107817cf /etc | |
parent | ffe25c1f8a4902e0e77430dfd3e3b24b7881880c (diff) | |
Use functions to reduce code duplication; Add function to clear route to the interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/openvpn.inc | 58 |
1 files changed, 40 insertions, 18 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 5536902..c3353ef 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -429,21 +429,14 @@ function openvpn_reconfigure($mode, $settings) {
 }
 case 'p2p_shared_key':
 if (!empty($ip) && !empty($mask)) {
- $baselong = ip2long32($ip) & ip2long($mask);
- $ip1 = long2ip32($baselong + 1);
- $ip2 = long2ip32($baselong + 2);
+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
 if ($settings['dev_mode'] == 'tun')
 $conf .= "ifconfig {$ip1} {$ip2}\n";
 else
 $conf .= "ifconfig {$ip1} {$mask}\n";
 }
 if (!empty($ipv6) && !empty($prefix)) {
- $basev6 = gen_subnetv6($ipv6, $prefix);
- // Is there a better way to do this math?
- $ipv6_arr = explode(':', $basev6);
- $last = hexdec(array_pop($ipv6_arr));
- $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1));
- $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2));
+ list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
 if ($settings['dev_mode'] == 'tun')
 $conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n";
 else
@@ -590,9 +583,7 @@ function openvpn_reconfigure($mode, $settings) {
 if (!empty($settings['tunnel_network'])) {
 list($ip, $mask) = explode('/', $settings['tunnel_network']);
 $mask = gen_subnet_mask($mask);
- $baselong = ip2long32($ip) & ip2long($mask);
- $ip1 = long2ip32($baselong + 1);
- $ip2 = long2ip32($baselong + 2);
+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
 if ($settings['dev_mode'] == 'tun')
 $conf .= "ifconfig {$ip2} {$ip1}\n";
 else
@@ -601,12 +592,7 @@ function openvpn_reconfigure($mode, $settings) {
 if (!empty($settings['tunnel_networkv6'])) {
 list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
- $basev6 = gen_subnetv6($ipv6, $prefix);
- // Is there a better way to do this math?
- $ipv6_arr = explode(':', $basev6);
- $last = hexdec(array_pop($ipv6_arr));
- $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1));
- $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2));
+ list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
 if ($settings['dev_mode'] == 'tun')
 $conf .= "ifconfig-ipv6 {$ipv6_2} {$ipv6_1}\n";
 else
@@ -729,6 +715,7 @@ function openvpn_restart($mode, $settings) {
 /* start the new process */
 $fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
+ openvpn_clear_route($mode, $settings);
 mwexec_bg("/usr/local/sbin/openvpn --config {$fpath}");
 if (!$g['booting'])
@@ -1137,4 +1124,39 @@ function openvpn_create_dirs() {
 safe_mkdir("{$g['varetc_path']}/openvpn-csc", 0750);
 }
+function openvpn_get_interface_ip($ip, $mask) {
+ $baselong = ip2long32($ip) & ip2long($mask);
+ $ip1 = long2ip32($baselong + 1);
+ $ip2 = long2ip32($baselong + 2);
+ return array($ip1, $ip2);
+}
+
+function openvpn_get_interface_ipv6($ipv6, $prefix) {
+ $basev6 = gen_subnetv6($ipv6, $prefix);
+ // Is there a better way to do this math?
+ $ipv6_arr = explode(':', $basev6);
+ $last = hexdec(array_pop($ipv6_arr));
+ $ipv6_1 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 1));
+ $ipv6_2 = Net_IPv6::compress(implode(':', $ipv6_arr) . ':' . dechex($last + 2));
+ return array($ipv6_1, $ipv6_2);
+}
+
+function openvpn_clear_route($mode, $settings) {
+ if (empty($settings['tunnel_network']))
+ return;
+ list($ip, $cidr) = explode('/', $settings['tunnel_network']);
+ $mask = gen_subnet_mask($cidr);
+ switch($settings['mode']) {
+ case 'p2p_tls':
+ case 'p2p_shared_key':
+ case 'shared_key':
+ if (!empty($ip) && !empty($mask) && ($cidr == 30)) {
+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
+ $ip_to_clear = ($mode == "server") ? $ip1 : $ip2;
+ mwexec("/sbin/route -q delete {$ip_to_clear}");
+ }
+ break;
+ }
+}
+
 ?> |
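Review bot: In `openvpn_clear_route`, `tunnel_network` is split on `/` and passed to `gen_subnet_mask()` before anything checks that it is a well-formed IPv4 CIDR, and `$cidr == 30` is a loose comparison, so a value with no slash or with trailing junk after the prefix length is not cleanly rejected. The address handed to `/sbin/route -q delete` comes out of `long2ip32()` and so appears to always be a dotted quad, but nothing visible here confirms that the route being removed belongs to this tunnel rather than to another interface using the same address, and the result of `mwexec()` is discarded. I would validate up front with `if (!is_ipaddr($ip) || !ctype_digit((string)$cidr) || (int)$cidr !== 30) return;`, pass the address as `escapeshellarg($ip_to_clear)` for defence in depth, and add a short comment explaining why only /30 point-to-point tunnels need the route cleared. Only `tunnel_network` is handled, so if the same start-up failure can occur with `tunnel_networkv6` that case remains open; the call site in `openvpn_restart` (earlier hunk) runs this unconditionally before every start.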