From f26c1f794eec4c27f6626dfa4ef8effc01ebfa75 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Tue, 15 Jan 2013 12:08:43 -0500
Subject: Use functions to reduce code duplication; Add function to clear route to the interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712
---
 etc/inc/openvpn.inc | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 305a983..4c2de84 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -399,9 +399,7 @@ function openvpn_reconfigure($mode, $settings) {
 $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
 }
 case 'p2p_shared_key':
- $baselong = ip2long32($ip) & ip2long($mask);
- $ip1 = long2ip32($baselong + 1);
- $ip2 = long2ip32($baselong + 2);
+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
 $conf .= "ifconfig $ip1 $ip2\n";
 break;
 case 'server_tls':
@@ -518,9 +516,7 @@ function openvpn_reconfigure($mode, $settings) {
 if (!empty($settings['tunnel_network'])) {
 list($ip, $mask) = explode('/', $settings['tunnel_network']);
 $mask = gen_subnet_mask($mask);
- $baselong = ip2long32($ip) & ip2long($mask);
- $ip1 = long2ip32($baselong + 1);
- $ip2 = long2ip32($baselong + 2);
+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
 $conf .= "ifconfig $ip2 $ip1\n";
 }
@@ -631,6 +627,7 @@ function openvpn_restart($mode, $settings) {
 /* start the new process */
 $fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
+ openvpn_clear_route($mode, $settings);
 mwexec_bg("/usr/local/sbin/openvpn --config {$fpath}");
 if (!$g['booting'])
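Review bot: The new `openvpn_clear_route($mode, $settings);` call in `openvpn_restart` has no comment, so a reader of this function cannot tell why a route is deleted immediately before the daemon is launched. I would put `/* remove any stale host route to the tunnel interface IP, otherwise openvpn cannot start (ticket #2712) */` above the call. The helper returns nothing and `mwexec_bg()` runs regardless of whether the delete succeeded, which looks like deliberate best-effort but should be stated in that comment. The body of `openvpn_restart` starts and ends outside the hunk.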
@@ -1025,4 +1022,29 @@ function openvpn_refresh_crls() {
 }
 }
+function openvpn_get_interface_ip($ip, $mask) {
+ $baselong = ip2long32($ip) & ip2long($mask);
+ $ip1 = long2ip32($baselong + 1);
+ $ip2 = long2ip32($baselong + 2);
+ return array($ip1, $ip2);
+}
+
+function openvpn_clear_route($mode, $settings) {
+ if (empty($settings['tunnel_network']))
+ return;
+ list($ip, $cidr) = explode('/', $settings['tunnel_network']);
+ $mask = gen_subnet_mask($cidr);
+ switch($settings['mode']) {
+ case 'p2p_tls':
+ case 'p2p_shared_key':
+ case 'shared_key':
+ if (!empty($ip) && !empty($mask) && ($cidr == 30)) {
+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
+ $ip_to_clear = ($mode == "server") ? $ip1 : $ip2;
+ mwexec("/sbin/route -q delete {$ip_to_clear}");
+ }
+ break;
+ }
+}
+
 ?>
-- 
cgit v1.1
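Review bot: In `openvpn_clear_route`, `$settings['tunnel_network']` is split with `explode('/')` and used without checking that it has two parts or that `$ip` is a valid IPv4 address, and the value derived from it is interpolated into the `mwexec()` command string. The address passes through `long2ip32()` first, so it is presumably always a dotted quad, but a malformed `$ip` would presumably give `openvpn_get_interface_ip` a meaningless base address, and the function would then delete whatever host route happens to match it. I would return early when `$ip` does not parse as IPv4 and quote the argument regardless: `mwexec("/sbin/route -q delete " . escapeshellarg($ip_to_clear));`. The loose `($cidr == 30)` would be stricter as `($cidr === '30')`, since `explode()` yields strings.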