diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc
index 62504176b..6e0fa4bcf 100644
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@@ -965,11 +965,12 @@ function openvpn_csc_conf_write($settings, $server, $target_filename = null)
if (empty($settings['common_name']) || empty($server['vpnid'])) {
return false;
}
+
$conf = '';
+
if (!empty($settings['block'])) {
$conf .= "disable\n";
}
-
if (!empty($settings['push_reset'])) {
$conf .= "push-reset\n";
}
@@ -1017,6 +1018,16 @@ function openvpn_csc_conf_write($settings, $server, $target_filename = null)
openvpn_add_dhcpopts($settings, $conf);
+ if (!empty($settings['tun_mtu'])) {
+ $conf .= 'tun-mtu ' . $settings['tun_mtu'] . PHP_EOL;
+ }
+ if (isset($settings['fragment']) && $settings['fragment'] != '') {
+ $conf .= 'fragment ' . $settings['fragment'] . PHP_EOL;
+ }
+ if (!empty($settings['mssfix'])) {
+ $conf .= 'mssfix' . PHP_EOL;
+ }
+
$vpnid = filter_var($server['vpnid'], FILTER_SANITIZE_NUMBER_INT);
if (empty($target_filename)) {
$target_filename = "/var/etc/openvpn-csc/" . $vpnid . "/" . $settings['common_name'];
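Review bot: The new `tun-mtu` and `fragment` lines concatenate `$settings['tun_mtu']` and `$settings['fragment']` into the per-client config verbatim, so any value that is not a plain integer (an embedded newline, for instance) would end up in the CSC file as additional directives rather than being rejected. The ranges added to OpenVPN.xml appear to constrain values arriving through the MVC model, but `openvpn_csc_conf_write` takes `$settings` from any caller, so the normalisation belongs at the point of writing: `$conf .= 'tun-mtu ' . (int)$settings['tun_mtu'] . PHP_EOL;` and `$conf .= 'fragment ' . (int)$settings['fragment'] . PHP_EOL;`. The `fragment` guard could also compare with `!== ''` instead of the loose `!= ''`. The function starts and ends outside this hunk.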
@@ -1027,10 +1038,15 @@ function openvpn_csc_conf_write($settings, $server, $target_filename = null)
chown($target_filename, 'nobody');
chgrp($target_filename, 'nobody');
return $target_filename;
- } elseif (is_file($target_filename)) {
- unlink($target_filename);
- return null;
}
+
+ /* nothing was configured */
+
+ if (is_file($target_filename)) {
+ unlink($target_filename);
+ }
+
+ return null;
}
function openvpn_prepare($device)
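Review bot: The `unlink()` on the cleanup path that is now reached whenever no config is written ignores its return value, so a stale per-client override file that cannot be removed would silently keep applying its old settings to that client while the function still returns `null` as if the cleanup succeeded. A one-line guard is enough: `if (is_file($target_filename) && !unlink($target_filename)) { syslog(LOG_ERR, "could not remove stale CSC file {$target_filename}"); }`. The if-block whose success branch returns `$target_filename` opens outside this hunk.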
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml
index 20932a04a..c1384c773 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml
@@ -77,9 +77,7 @@
select_multipletrue
-
- Remote networks for the server, these are configured via iroute{-ipv6} clauses in OpenVPN and inform the server to send these networks to this specific client.
-
+ Remote networks for the server, these are configured via iroute{-ipv6} clauses in OpenVPN and inform the server to send these networks to this specific client.cso.redirect_gateway
@@ -110,9 +108,7 @@
select_multipletrue
-
- Add name to the domain search list. Repeat this option to add more entries. Up to 10 domains are supported
-
+ Add name to the domain search list. Repeat this option to add more entries. Up to 10 domains are supported.cso.dns_servers
@@ -120,9 +116,7 @@
select_multipletrue
-
- Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses.
-
+ Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses.cso.ntp_servers
@@ -130,9 +124,7 @@
select_multipletrue
-
- Set primary NTP server address (Network Time Protocol). Repeat this option to set secondary NTP server addresses.
-
+ Set primary NTP server address (Network Time Protocol). Repeat this option to set secondary NTP server addresses.cso.wins_servers
@@ -141,8 +133,29 @@
truetrue
-
- Set primary WINS server address (NetBIOS over TCP/IP Name Server). Repeat this option to set secondary WINS server addresses.
-
+ Set primary WINS server address (NetBIOS over TCP/IP Name Server). Repeat this option to set secondary WINS server addresses.
+
+
+ header
+
+ true
+
+
+ cso.tun_mtu
+
+ text
+ Take the TUN device MTU to be tun-mtu and derive the link MTU from it.
+
+
+ cso.fragment
+
+ text
+ Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than the specified byte size.
+
+
+ cso.mssfix
+
+ checkbox
+ Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed the recommended size.
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 9cc390c2e..55fffa5f3 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -134,14 +134,25 @@ class OpenVPN extends BaseModel
if ((string)$cso->common_name != $common_name) {
continue;
}
+
// translate content to legacy format so this may easily inject into the existing codebase
- $result['ovpn_servers'] = (string)$cso->servers;
- $result['common_name'] = (string)$cso->common_name;
- $result['description'] = (string)$cso->description;
$result['redirect_gateway'] = str_replace(',', ' ', (string)$cso->redirect_gateway);
- $result['tunnel_network'] = (string)$cso->tunnel_network;
- $result['tunnel_networkv6'] = (string)$cso->tunnel_networkv6;
+ $opts = [
+ 'common_name',
+ 'description',
+ 'dns_domain',
+ 'dns_domain_search',
+ 'fragment',
+ 'mssfix',
+ 'tun_mtu',
+ 'tunnel_network',
+ 'tunnel_networkv6',
+ ];
+ foreach ($opts as $fieldname) {
+ $result[$fieldname] = (string)$cso->$fieldname;
+ }
+
foreach (['local', 'remote'] as $type) {
$f1 = $type . '_network';
$f2 = $type . '_networkv6';
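Review bot: `$result['ovpn_servers']` is removed on the old side and is not restored by the new `$opts` loop (the list has no `servers` entry and the legacy key name differs), so as far as the hunks shown go this refactor also changes the data returned, not just its layout. If no consumer of the legacy array reads `ovpn_servers` any more, a sentence in the commit message would make that deliberate; otherwise add `$result['ovpn_servers'] = (string)$cso->servers;` back before the loop. The new `fragment`, `mssfix` and `tun_mtu` entries are copied as raw strings, which matches the `!empty()` / `!= ''` tests in openvpn_csc_conf_write. The enclosing method starts and ends outside this hunk.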
@@ -164,8 +175,6 @@ class OpenVPN extends BaseModel
if (!empty((string)$cso->block)) {
$result['block'] = '1';
}
- $result['dns_domain'] = (string)$cso->dns_domain;
- $result['dns_domain_search'] = (string)$cso->dns_domain_search;
foreach (['dns_server', 'ntp_server', 'wins_server'] as $fieldname) {
if (!empty((string)$cso->$fieldname . 's')) {
foreach (explode(',', (string)$cso->{$fieldname . 's'}) as $idx => $item) {
@@ -174,6 +183,7 @@ class OpenVPN extends BaseModel
}
}
}
+
return $result;
}
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
index e8e058903..2b211467a 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
@@ -91,6 +91,19 @@
N
+
+ N
+ 60
+ 65535
+
+
+ N
+ 0
+ 65528
+
+
+ N
+