From ef378560d1982cd5ecb93475ef9da12ce19b6a31 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 21 Jan 2016 12:03:14 -0500
Subject: The topology line also must be skipped if an SSL/TLS mode is used
 with a CIDR less than 30.

---
 src/etc/inc/openvpn.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 257152c..0a04da4 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1063,7 +1063,8 @@ function openvpn_reconfigure($mode, $settings) {
 		$conf .= "float\n";
 	}
 
-	if (in_array($settings['mode'], $openvpn_tls_server_modes)) {
+	// If the server is not a TLS server or it has a tunnel network CIDR less than a /30, skip this.
+	if (in_array($settings['mode'], $openvpn_tls_server_modes) && (!empty($ip) && !empty($mask) && ($cidr < 30))) {
 		if (empty($settings['topology'])) {
 			$settings['topology'] = "subnet";
 		}
-- 
cgit v1.1