From 5dc6c9102cdc2f9fc464da75bbaef594eebec10a Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 3 Jun 2011 09:20:58 -0400
Subject: When making a P2P SSL/TLS OpenVPN server, if the given CIDR for the
 tunnel network is a /30, don't use the OpenVPN server directive. See ticket
 #1417

---
 etc/inc/openvpn.inc | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'etc/inc')

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 7f82975..edd22be 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -367,8 +367,8 @@ function openvpn_reconfigure($mode, $settings) {
 	// server specific settings
 	if ($mode == 'server') {
 
-		list($ip, $mask) = explode('/', $settings['tunnel_network']);
-		$mask = gen_subnet_mask($mask);
+		list($ip, $cidr) = explode('/', $settings['tunnel_network']);
+		$mask = gen_subnet_mask($cidr);
 
 		// configure tls modes
 		switch($settings['mode']) {
@@ -383,8 +383,13 @@ function openvpn_reconfigure($mode, $settings) {
 		// configure p2p/server modes
 		switch($settings['mode']) {
 			case 'p2p_tls':
-				$conf .= "server {$ip} {$mask}\n";
-				$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+				// If the CIDR is less than a /30, OpenVPN will complain if you try to
+				//  use the server directive. It works for a single client without it.
+				//  See ticket #1417
+				if ($cidr < 30) {
+					$conf .= "server {$ip} {$mask}\n";
+					$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+				}
 			case 'p2p_shared_key':
 				$baselong = ip2long32($ip) & ip2long($mask);
 				$ip1 = long2ip32($baselong + 1);
-- 
cgit v1.1