diff options
author | jim-p <jimp@pfsense.org> | 2011-11-08 16:57:32 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-11-08 16:57:32 -0500 |
commit | 1ab6bdb5ffcf052241f58af87efef9fe077b38c7 (patch) | |
tree | 71cd3565893b94532af3276ed22a5d2d032c2d38 /etc | |
parent | 49db607f186c37ad48b25640184051a6ae205ff4 (diff) | |
download | pfsense-1ab6bdb5ffcf052241f58af87efef9fe077b38c7.zip pfsense-1ab6bdb5ffcf052241f58af87efef9fe077b38c7.tar.gz |
Fix up OpenVPN server tap modes, support various options for providing or passing through DHCP. (Work in progress)
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/openvpn.inc | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index fb0b98f..ab30200 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -409,23 +409,41 @@ function openvpn_reconfigure($mode, $settings) { // If the CIDR is less than a /30, OpenVPN will complain if you try to // use the server directive. It works for a single client without it. // See ticket #1417 - if ($cidr < 30) { + if (($settings['dev_mode'] != "tap") && ($cidr < 30)) { $conf .= "server {$ip} {$mask}\n"; $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; } case 'p2p_shared_key': - $baselong = ip2long32($ip) & ip2long($mask); - $ip1 = long2ip32($baselong + 1); - $ip2 = long2ip32($baselong + 2); - $conf .= "ifconfig $ip1 $ip2\n"; + if ($settings['dev_mode'] != "tap") { + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); + $conf .= "ifconfig $ip1 $ip2\n"; + } break; case 'server_tls': case 'server_user': case 'server_tls_user': - $conf .= "server {$ip} {$mask}\n"; - if(is_ipaddr($ipv6)) - $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + if ($settings['dev_mode'] != "tap") { + $conf .= "server {$ip} {$mask}\n"; + if(is_ipaddr($ipv6)) + $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + } else { + if ($settings['serverbridge_dhcp']) { + if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) { + $biface_ip=get_interface_ip($settings['serverbridge_interface']); + $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); + if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) { + $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; + } else { + $conf .= "mode server\n"; + } + } else { + $conf .= "mode server\n"; + } + } + } break; } |