summaryrefslogtreecommitdiffstats
path: root/src/etc
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2016-02-06 00:57:43 -0600
committerChris Buechler <cmb@pfsense.org>2016-02-06 00:57:43 -0600
commitd20dd6589ac43905556d82a77973a5552bea2aed (patch)
treeed552bb66f0611646d20ea2c371e8a786ad07ca8 /src/etc
parent10e58a701142d9587f7e4f7d6556191d34242e3f (diff)
downloadpfsense-d20dd6589ac43905556d82a77973a5552bea2aed.zip
pfsense-d20dd6589ac43905556d82a77973a5552bea2aed.tar.gz
Handle start/stop of OpenVPN client instances bound to gateway groups using CARP IPs. Ticket #4858
Diffstat (limited to 'src/etc')
-rwxr-xr-xsrc/etc/rc.carpbackup14
-rwxr-xr-xsrc/etc/rc.carpmaster14
2 files changed, 26 insertions, 2 deletions
diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup
index cddbc96..e71f9fa 100755
--- a/src/etc/rc.carpbackup
+++ b/src/etc/rc.carpbackup
@@ -62,10 +62,22 @@ if (is_array($vips)) {
/* Stop OpenVPN clients running on this VIP, since multiple active OpenVPN clients on a CARP cluster can be problematic. */
global $config;
+$a_groups = return_gateway_groups_array();
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $settings) {
+ if (substr($settings['interface'], 0, 4) == '_vip') {
+ $openvpn_vip = $settings['interface'];
+ } else if (is_array($a_groups[$settings['interface']])) {
+ // interface is a gateway group, check CARP VIP
+ if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+ $openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+ }
+ } else {
+ // this OpenVPN instance not on a CARP IP
+ continue;
+ }
foreach ($vips as $vip) {
- if ($settings['interface'] == "_vip{$vip['uniqid']}") {
+ if ($openvpn_vip == "_vip{$vip['uniqid']}") {
log_error("Stopping OpenVPN client instance on {$friendly_descr} because of transition to CARP backup.");
openvpn_restart('client', $settings);
}
diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster
index 2441e4e..6c140ca 100755
--- a/src/etc/rc.carpmaster
+++ b/src/etc/rc.carpmaster
@@ -59,10 +59,22 @@ foreach ($vips as $vip) {
/* Start OpenVPN clients running on this VIP, since they should be in the stopped state while the VIP is CARP Backup. */
global $config;
+$a_groups = return_gateway_groups_array();
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $settings) {
+ if (substr($settings['interface'], 0, 4) == '_vip') {
+ $openvpn_vip = $settings['interface'];
+ } else if (is_array($a_groups[$settings['interface']])) {
+ // interface is a gateway group, check CARP VIP
+ if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+ $openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+ }
+ } else {
+ // this OpenVPN instance not on a CARP IP
+ continue;
+ }
foreach ($vips as $vip) {
- if ($settings['interface'] == "_vip{$vip['uniqid']}") {
+ if ($openvpn_vip == "_vip{$vip['uniqid']}") {
log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master.");
openvpn_restart('client', $settings);
}
OpenPOWER on IntegriCloud