Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 9595 #4072

Merged
merged 4 commits into from Sep 11, 2019
Merged

Issue 9595 #4072

merged 4 commits into from Sep 11, 2019

Conversation

jwsi
Copy link
Contributor

@jwsi jwsi commented Jun 19, 2019
edited

OpenVPN Gateway Group Fix

Implementation now checks if OpenVPN client/server running on gateway group should resync when IP changes occur or if cables are unplugged/replugged.

Replication Steps

VirtualBox

  1. Use VirtualBox with 3 NAT adapters (WAN1, WAN2, and a monitoring link).
  2. Set up a gateway group with WAN1 (T1) and WAN2 (T2).
  3. Define ovpn client on gwgroup interface.
  4. Alternate adapters within virtualbox between "NAT" and "Not Attached", one will notice that OpenVPN never resyncs to WAN1 when interface comes back online.

Physical Device

  1. Set up gateway group with 2 interfaces on differing tiers.
  2. Unplug WAN1 cable, openvpn resyncs to WAN2.
  3. Replug WAN1 cable, openvpn hugs WAN2 still.

Fix Information

Fix brings the codebase more in line with the currrent implementation defined in rc.openvpn which accounts for situations where OpenVPN instances run on gateway groups.

@jwsi
Update openvpn.inc to allow OpenVPN instances to resync when running …
c46d0b1 
…on a gateway group.

Implementation now checks if OpenVPN client/server running on gateway group should resync when IP changes occur or if cables are unplugged/replugged.
@jwsi
Copy link
Contributor Author

jwsi commented Jul 23, 2019

Is it possible to get a review on this soon?

@jim-p jim-p requested a review from rbgarga July 23, 2019 12:10
@jwsi
Add else clause for cases when OpenVPN interface file does not exist.
614ca41 
- Prevents potential race condition at startup resulting in failure to start OpenVPN instances.
- In cases where interface file is not present the openvpn_resync function handles a restart correctly.
@jwsi
Add ability for OpenVPN instances to resync on IP changes and on boot.
7071aab 
OpenVPN instances resync if interface IP change occurs.
At boot, the interface is the empty string, so resync is mandatory to generate OpenVPN files in /var/etc/openvpn.
rbgarga
rbgarga requested changes Sep 3, 2019
View reviewed changes
src/etc/inc/openvpn.inc Outdated Show resolved Hide resolved
src/etc/inc/openvpn.inc Outdated Show resolved Hide resolved
src/etc/inc/openvpn.inc Outdated Show resolved Hide resolved
src/etc/inc/openvpn.inc Outdated Show resolved Hide resolved
@jwsi
Improve efficiency of resync checks.
15f8062 
GW Group changes are checked iff the interface is not the empty string or the interface in question is not the same as the OpenVPN interface.
netgate-git-updates pushed a commit that referenced this pull request Sep 11, 2019
@rbgarga
Merge pull request #4072 from jwsi/openvpn-gwgroup
3318764
@netgate-git-updates netgate-git-updates merged commit 15f8062 into pfsense:master Sep 11, 2019
@jwsi jwsi deleted the openvpn-gwgroup branch September 14, 2019 00:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbgarga rbgarga rbgarga approved these changes

@jim-p jim-p jim-p approved these changes

Assignees
No one assigned
Labels
Needs to be tested
Projects
None yet
Milestone
No milestone
4 participants
@jwsi @rbgarga @jim-p @netgate-git-updates