Use nobind for OVPN client when no local port and/or no local interface is requested. Ticket #282

author: pierrepomes <pierre.pomes@interface-tech.com> 2010-04-29 20:10:52 -0400
committer: pierrepomes <pierre.pomes@interface-tech.com> 2010-04-29 20:10:52 -0400
commit: 48a458d2d781be22dc63a1fe19eb9451836c9dd2 (patch)
tree: 830fdd65b085fd0041da6cec5e453fa8a0713c95 /etc
parent: 723f17612937c088717cfdfc4274ec39fb3ac754 (diff)
download: pfsense-48a458d2d781be22dc63a1fe19eb9451836c9dd2.zip
pfsense-48a458d2d781be22dc63a1fe19eb9451836c9dd2.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 6efffd0..66a81fc 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -340,8 +340,7 @@ function openvpn_reconfigure($mode,& $settings) {
 	$conf .= "down /etc/rc.filter_configure\n";
 
 	if (!empty($iface_ip)) {
-		if ($mode == "server" || ($mode == "client" && !empty($settings['local_port'])))
-			$conf .= "local {$iface_ip}\n";	
+		$conf .= "local {$iface_ip}\n";	
 	}
 
 	// server specific settings
@@ -446,8 +445,11 @@ function openvpn_reconfigure($mode,& $settings) {
 			$conf .= "lport {$settings['local_port']}\n";
 			$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
 		}
-		else
+
+		// If there is no bind option at all (ip and/or port), add "nobind" directive
+		if ((empty($iface_ip)) && (!$settings['local_port'])) {
 			$conf .= "nobind\n";
+		}
 
 		// The remote server
 		$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
author	pierrepomes <pierre.pomes@interface-tech.com>	2010-04-29 20:10:52 -0400
committer	pierrepomes <pierre.pomes@interface-tech.com>	2010-04-29 20:10:52 -0400
commit	48a458d2d781be22dc63a1fe19eb9451836c9dd2 (patch)
tree	830fdd65b085fd0041da6cec5e453fa8a0713c95 /etc
parent	723f17612937c088717cfdfc4274ec39fb3ac754 (diff)
download	pfsense-48a458d2d781be22dc63a1fe19eb9451836c9dd2.zip pfsense-48a458d2d781be22dc63a1fe19eb9451836c9dd2.tar.gz