From e39243843f16d4c8908bf0726e68e65887774f0d Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 19 Nov 2010 10:44:54 -0500
Subject: Reorder some code and combine the nobind test with the lport code to
 ensure only the needed options are used in any given combination.

---
 etc/inc/openvpn.inc | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'etc/inc/openvpn.inc')

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 6d3062c..0863b1a 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -445,19 +445,19 @@ function openvpn_reconfigure($mode,& $settings) {
 				break;
 		}
 
-		// The port we'll listen at
-		// If local_port is used, bind the management port
-		$lport = ($settings['local_port']) ? $settings['local_port'] : "0";
-		$conf .= "lport {$lport}\n";
+		// If there is no bind option at all (ip and/or port), add "nobind" directive
+		//  Otherwise, use the local port if defined, failing that, use lport 0 to 
+		//  ensure a random source port.
+		if ((empty($iface_ip)) && (!$settings['local_port']))
+			$conf .= "nobind\n";
+		elseif ($settings['local_port'])
+			$conf .= "lport {$settings['local_port']}\n";
+		else
+			$conf .= "lport 0\n";
 
 		// Use unix socket to overcome the problem on any type of server
 		$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
 
-		// If there is no bind option at all (ip and/or port), add "nobind" directive
-		if ((empty($iface_ip)) && (!$settings['local_port'])) {
-			$conf .= "nobind\n";
-		}
-
 		// The remote server
 		$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
 
-- 
cgit v1.1