VPN: OpenVPN: Instances - Fix support for /30 p2p/net30 instances, 27…
…58f9f only included a partial fix. Although we are able to configure openvpn with small nets, we should follow the same procedure the normal "server" directive would follow (as documented in https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/).

This means the following configuration directives need to be set:

* mode server
* tls-server
* push "topology XXX" << tell the other end which topology we are using
* ifconfig-pool  start-ip end-ip << a minimal pool containing one address, if we don't push one, openvpn doesn't know the client and will complain about "bad source address from client "
* ifconfig my-ip remote-ip
AdSchellevis authored and fichtner committed Mar 12, 2024
1 parent 90af8e1 commit 1e51c5b
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
Expand Up @@ -496,7 +496,11 @@ public function generateInstanceConfig($uuid = null)
$masklong = ip2long($mask);
$ip1 = long2ip32((ip2long32($parts[0]) & $masklong) + ($masklong == 0xfffffffe ? 0 : 1));
$ip2 = long2ip32((ip2long32($parts[0]) & $masklong) + ($masklong == 0xfffffffe ? 1 : 2));
$ip3 = long2ip32((ip2long32($parts[0]) & $masklong) + ($masklong == 0xfffffffe ? 2 : 3));
$options['mode'] = 'server';
$options['tls-server'] = null;
$options['ifconfig'] = "{$ip1} {$ip2}";
$options['ifconfig-pool'] = "{$ip2} {$ip3}";
} else {
$options['server'] = $parts[0] . " " . $mask;
}
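Review bot: In the `$ip3` line, the `$masklong == 0xfffffffe` case adds 2 to the network address, which is outside a two-address prefix, so `ifconfig-pool` gets `{$ip2} {$ip3}` with an end address that belongs to the next network. For the other masks the range `$ip2` to `$ip3` spans two addresses, while the commit message describes a pool containing one address. Either clamp the pool end to the prefix or add a comment above `$options['ifconfig-pool']` explaining why the end has to be one past `$ip2` and what pool size is intended for each topology. As a style point, `ip2long32($parts[0]) & $masklong` is now repeated three times and could be computed once into a local variable.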
Expand Down Expand Up @@ -534,6 +538,10 @@ public function generateInstanceConfig($uuid = null)
$options['route-ipv6'] = [];

// push options
if (isset($options['ifconfig'])) {
/* "manual" server directive, we should tell the client which topology we are using */
$options['push'][] = "\"topology {$node->topology}\"";
}
if (!empty((string)$node->redirect_gateway)) {
$redirect_gateway = str_replace(',', ' ', (string)$node->redirect_gateway);
$options['push'][] = "\"redirect-gateway {$redirect_gateway}\"";
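Review bot: `$node->topology` is interpolated into the push string without a `(string)` cast or an emptiness check, unlike `redirect_gateway` directly below, so an instance with no topology value would push `"topology "` with an empty argument to the client. Guard it the same way, for example `if (isset($options['ifconfig']) && !empty((string)$node->topology))`. The condition also keys off `$options['ifconfig']` having been set by the small-net branch earlier in the function; the existing comment could name that branch explicitly so the dependency is not lost if the earlier code changes.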