authorScott Ullrich <sullrich@pfsense.org>2006-01-30 02:25:00 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-01-30 02:25:00 +0000
commit4f8e387ddd4cb91d86fdf6f32558d66527338f2a (patch)
tree64ab88429aa0bc8c05885a11de2452d7f16ec2d9 /etc
parent989c7b5715e51ea5398181bff765c7e21bad6e03 (diff)
OpenVPN cleanups by mposch@gmail.com
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc5
-rw-r--r--etc/inc/globals.inc7
-rw-r--r--etc/inc/openvpn.inc16
-rw-r--r--etc/inc/util.inc3
-rwxr-xr-xetc/rc.reload_interfaces4
5 files changed, 27 insertions, 8 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 8dee84a..7c358b6 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -249,7 +249,8 @@ function filter_generate_aliases() {
$bridgetracker = 0;
foreach ($ifdescrs as $ifdescr => $ifname) {
/* do not process tun interfaces */
- if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue;
+ /* do process tun interfaces for openvpn compatibility */
+ /* if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue; */
$aliases .= filter_get_opt_interface_descr($ifname) . " = \"{ " . filter_opt_interface_to_real($ifname);
if($config['interfaces'][$ifname]['bridge'] <> "") {
$aliases .= " bridge{$bridgetracker} ";
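Review bot: The context comment `/* do not process tun interfaces */` is left directly above the new `/* do process tun interfaces for openvpn compatibility */`, and the old `continue` survives as commented-out code, so the loop in filter_generate_aliases now carries two contradictory statements. Delete the stale comment and the dead line and keep a single comment that states the consequence, for example `/* tun interfaces are included so OpenVPN tunnels get an interface alias */`. The change applies to every assigned tun device, not only ones created by OpenVPN (the util.inc hunk drops `'tun'` from its list as well), so the comment should say whether that wider scope is intended. The function body continues outside the hunk.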
@@ -2194,4 +2195,4 @@ function return_vpn_subnet($adr) {
return " # error - {$adr['network']} ";
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 3caea66..59096cf 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -72,5 +72,10 @@ $iptos = array("lowdelay", "throughput", "reliability", "congestion");
/* TCP flags */
$tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg");
+/* OpenVPN Directories */
+$d_ovpnsrvdirty_path = "/tmp/ovpn-srv.dirty";
+$d_ovpncrldirty_path = "/tmp/ovpn-crl.dirty";
+$d_ovpnclidirty_path = "/tmp/ovpn-cli.dirty";
-?> \ No newline at end of file
+
+?>
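Review bot: The comment `/* OpenVPN Directories */` does not match the three values under it, which are fixed file names under `/tmp` that look like dirty-flag marker files rather than directories; `/* OpenVPN dirty-flag marker files */` would describe them. Because the names are predictable and `/tmp` is normally world-writable, the code that creates and tests these markers (not visible in this hunk) should not follow a pre-existing symlink or treat a file it did not create as a trusted signal. This matters only if the system ever has non-root local accounts, which is worth confirming.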
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 52a5851..4bdac0c 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -104,6 +104,12 @@ function ovpn_config_server($reconfigure) {
/* next server */
continue;
}
+ /* restart openvpn daemon if pf is restarted, but not on boot, hence the else if */
+ else if ( $reconfigure == "pfreload") {
+ ovpn_server_kill($tun);
+ mwexec("/usr/local/sbin/openvpn {$g['varetc_path']}/ovpn_srv_{$tun}.conf");
+ continue;
+ }
/* send SIGUSR1 to running openvpn daemon */
if ( $reconfigure == "true" && isset($server['dynip'])) {
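Review bot: In the new `else if` branch the daemon is stopped with `ovpn_server_kill($tun)` and then restarted through `mwexec()` with the result discarded, so a failed start leaves the tunnel down with nothing reported. Assuming `mwexec()` returns the command's exit status, check it, e.g. `if (mwexec($cmd) != 0) { /* log that ovpn_srv_{$tun} failed to restart */ }`. The command string interpolates `$tun` and `$g['varetc_path']` unquoted; if `$tun` comes from the saved configuration, as it appears to, building the path first and passing it through `escapeshellarg()` keeps a malformed value from altering the command. `$reconfigure == "pfreload"` is a loose comparison that a boolean `true` argument also satisfies, so `=== "pfreload"` is safer for this mode string. The function starts and ends outside the hunk.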
@@ -181,6 +187,9 @@ function ovpn_srv_config_generate($id) {
global $config, $g;
$server = $config['ovpn']['server']['tunnel'][$id];
+ /* mount filesystem for read/write */
+ conf_mount_rw();
+
/* get tunnel interface */
$tun = $server['tun_iface'];
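Review bot: `conf_mount_rw()` is added at the top of ovpn_srv_config_generate and the matching `conf_mount_ro()` only at the very end (the `@@ -434,6 +443,9 @@` hunk), so any early `return` or failed open in the roughly 250 lines between them, which are not visible here, would leave the filesystem mounted read-write. On an appliance where the read-only mount is part of the hardening, that is a state worth guarding against. Narrow the window to the write itself by moving `conf_mount_rw();` to just before the file is opened, and call `conf_mount_ro();` on every exit path after it. A comment such as `/* rw window must be closed on every return path below */` at the mount call would make the pairing explicit for later edits.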
@@ -434,6 +443,9 @@ EOD;
fwrite($fd, $ovpn_config);
fclose($fd);
+ /* return from filesystem read/write mode and mount read-only */
+ conf_mount_ro();
+
//trigger_error("OVPN: $ovpn_config", E_USER_NOTICE);
}
@@ -768,7 +780,7 @@ function ovpn_crl_dirty($name) {
function ovpn_config_client() {
/* Boot time configuration */
- global $config, $g, $d_ovpnclidirty_path;;
+ global $config, $g, $d_ovpnclidirty_path;
foreach ($config['ovpn']['client']['tunnel'] as $id => $client) {
@@ -1484,4 +1496,4 @@ function ovpn_unlock() {
unlink($lockfile);
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 254211d..3774090 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -262,7 +262,6 @@ function get_interface_list($mode = "active", $keyby = "physical", $vfaces = "")
'lo',
'ng',
'vlan',
- 'tun',
'pflog',
'pfsync',
'carp'
@@ -519,4 +518,4 @@ function xml_safe_fieldname($fieldname) {
return strtolower(str_replace($replace, "", $fieldname));
}
-?> \ No newline at end of file
+?>
diff --git a/etc/rc.reload_interfaces b/etc/rc.reload_interfaces
index 783af5c..108efd1 100755
--- a/etc/rc.reload_interfaces
+++ b/etc/rc.reload_interfaces
@@ -31,8 +31,10 @@
require_once("config.inc");
require_once("filter.inc");
+require_once("openvpn.inc");
reload_interfaces_sync();
filter_configure_sync();
+ovpn_config_server("pfreload");
-?> \ No newline at end of file
+?>
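Review bot: The added `ovpn_config_server("pfreload");` runs unconditionally after `filter_configure_sync()`, and per the openvpn.inc hunk that mode kills and restarts each server, so any interface reload now drops every established VPN session even when nothing OpenVPN-related changed. If that is the intended trade-off, say so at the call site, e.g. `/* pf was reloaded: restart OpenVPN servers so tunnels re-establish */`. It is also worth confirming that `ovpn_config_server()` returns quietly when no server tunnels are configured, since this script will now call it on every system. The mode is passed as a bare string alongside `"true"`; a named constant would avoid typos silently selecting the wrong branch.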