From d20dd6589ac43905556d82a77973a5552bea2aed Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Sat, 6 Feb 2016 00:57:43 -0600
Subject: Handle start/stop of OpenVPN client instances bound to gateway groups
 using CARP IPs. Ticket #4858

---
 src/etc/rc.carpmaster | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'src/etc/rc.carpmaster')

diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster
index 2441e4e..6c140ca 100755
--- a/src/etc/rc.carpmaster
+++ b/src/etc/rc.carpmaster
@@ -59,10 +59,22 @@ foreach ($vips as $vip) {
 
 /* Start OpenVPN clients running on this VIP, since they should be in the stopped state while the VIP is CARP Backup. */
 global $config;
+$a_groups = return_gateway_groups_array();
 if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
 	foreach ($config['openvpn']['openvpn-client'] as $settings) {
+		if (substr($settings['interface'], 0, 4) == '_vip') {
+			$openvpn_vip = $settings['interface'];
+		} else if (is_array($a_groups[$settings['interface']])) {
+			// interface is a gateway group, check CARP VIP
+			if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+				$openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+			}
+		} else {
+			// this OpenVPN instance not on a CARP IP
+			continue;
+		}
 		foreach ($vips as $vip) {
-			if ($settings['interface'] == "_vip{$vip['uniqid']}") {
+			if ($openvpn_vip == "_vip{$vip['uniqid']}") {
 				log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master.");
 				openvpn_restart('client', $settings);
 			}
-- 
cgit v1.1