Some small improvements to OpenVPN server handling when using CARP VI…

…Ps in Gateway Groups. Might help with issue #6607
pfsense · Aug 1, 2016 · 51d2e73 · 51d2e73
1 parent 13b2db8
commit 51d2e73
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
@@ -1124,8 +1124,8 @@ function openvpn_restart($mode, $settings) {
 		return;
 	}
 
-	/* Do not start a client if we are a CARP backup on this vip! */
-	if (($mode == "client") && (strstr($settings['interface'], "_vip") && get_carp_interface_status($settings['interface']) != "MASTER")) {
+	/* Do not start an instance if we are not CARP master on this vip! */
+	if (strstr($settings['interface'], "_vip") && get_carp_interface_status($settings['interface']) != "MASTER") {
 		return;
 	}
 

diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup
@@ -113,9 +113,20 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
 
 if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
 	foreach ($config['openvpn']['openvpn-server'] as $settings) {
+		if (substr($settings['interface'], 0, 4) == '_vip') {
+			$openvpn_vip = $settings['interface'];
+		} else if (is_array($a_groups[$settings['interface']])) {
+			// interface is a gateway group, check CARP VIP
+			if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+				$openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+			}
+		} else {
+			// this OpenVPN instance not on a CARP IP
+			continue;
+		}
 		foreach ($vips as $vip) {
-			if ($settings['interface'] == "_vip{$vip['uniqid']}") {
-				log_error("Stopping OpenVPN instance on {$friendly_descr} because of transition to CARP backup.");
+			if ($openvpn_vip == "_vip{$vip['uniqid']}") {
+				log_error("Stopping OpenVPN server instance on {$friendly_descr} because of transition to CARP backup.");
 				openvpn_restart('server', $settings);
 			}
 		}

diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster
@@ -112,9 +112,20 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
 }
 if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
 	foreach ($config['openvpn']['openvpn-server'] as $settings) {
+		if (substr($settings['interface'], 0, 4) == '_vip') {
+			$openvpn_vip = $settings['interface'];
+		} else if (is_array($a_groups[$settings['interface']])) {
+			// interface is a gateway group, check CARP VIP
+			if (substr($a_groups[$settings['interface']][0]['vip'], 0, 4) == '_vip') {
+				$openvpn_vip = $a_groups[$settings['interface']][0]['vip'];
+			}
+		} else {
+			// this OpenVPN instance not on a CARP IP
+			continue;
+		}
 		foreach ($vips as $vip) {
-			if ($settings['interface'] == "_vip{$vip['uniqid']}") {
-				log_error("Starting OpenVPN instance on {$friendly_descr} because of transition to CARP master.");
+			if ($openvpn_vip == "_vip{$vip['uniqid']}") {
+				log_error("Starting OpenVPN server instance on {$friendly_descr} because of transition to CARP master.");
 				openvpn_restart('server', $settings);
 			}
 		}