From 9ea0cb90a6f7685cd29f018895aefbb70e25a5d6 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 6 Mar 2012 14:30:41 -0500
Subject: Be more intelligent when managing OpenVPN client connections bound to
 CARP VIPs. If the interface is in BACKUP status, do not start the client. Add
 a section to rc.carpmaster and rc.carpbackup to trigger this start/stop. If
 an OpenVPN client is active on both the master and backup system, they will
 cause conflicting connections to the server. Servers do not care as they only
 accept, not initiate.

---
 etc/inc/openvpn.inc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'etc/inc/openvpn.inc')

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 9729217..01a6f6a 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -672,6 +672,10 @@ function openvpn_restart($mode, $settings) {
 	if (isset($settings['disable']))
 		return;
 
+	/* Do not start if we are a CARP backup on this vip! */
+	if ((substr($settings['interface'], 0, 3) == "vip") && (get_carp_interface_status($settings['interface']) == "BACKUP"))
+		return;
+
 	/* start the new process */
 	$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
 	mwexec_bg("/usr/local/sbin/openvpn --config {$fpath}");
-- 
cgit v1.1