diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
index 3ae605a29..aa3beee68 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
@@ -432,6 +432,28 @@ Set to 0 to disable, remember to change your client as well.
false
+
+ instance.auth-gen-token-renewal
+
+ text
+ true
+
+ How often the auth token will be renewed, token expire after 2 * renewal time.
+
+ false
+
+
+
+ instance.auth-gen-token-secret
+
+ textbox
+ true
+
+ Optional secret for use with auth-gen-token. This is useful to allow failover between multiple servers without user interaction.
+
+ false
+
+
instance.provision_exclusive
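Review bot: The help for `instance.auth-gen-token-secret` does not say what format the value must have or that it is key material, and the field is a plain `textbox`, so the secret is shown in clear wherever the form is rendered. If the value is meant to be the content of an OpenVPN-generated key, the help should say so, for example `Optional shared secret for auth-gen-token; must be identical on all servers that should accept each other's tokens. Treat it like a private key.` The renewal help also omits the unit; `Renewal time in seconds; a token expires after 2 * renewal time.` would remove the guesswork.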
@@ -497,6 +519,17 @@ Set to 0 to disable, remember to change your client as well.
false
+
+ instance.push_inactive
+
+
+ text
+ true
+ Push an inactivity timeout to client connecting. Number of seconds with inactivity before the client should exit.
+
+ false
+
+
instance.redirect_gateway
@@ -611,4 +644,28 @@ Set to 0 to disable, remember to change your client as well.
boolean
+
+ instance.compress_migrate
+
+ checkbox
+ true
+ Conditionally use stub compression for clients configured with compression. This functionality is deprecated in OpenVPN.
+
+ false
+ boolean
+ boolean
+
+
+
+ instance.ifconfig-pool-persist
+
+ checkbox
+ true
+ Save ip address pool to disk
+
+ false
+ boolean
+ boolean
+
+
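Review bot: The help for `instance.compress_migrate` calls the feature deprecated but gives the admin no guidance on when enabling it is appropriate. A wording such as `Migration aid for clients that still have compression configured: the server uses stub compression with them. Enable only while those clients are being reconfigured; deprecated in OpenVPN.` would state the intent. `Save ip address pool to disk` could likewise say that client address assignments are kept across restarts.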
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 64f284e1d..d696f598e 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -144,6 +144,20 @@ class OpenVPN extends BaseModel
$key . ".auth-gen-token"
));
}
+
+ if (!empty((string)$instance->{'auth-gen-token-renewal'}) && (string)$instance->{'auth-gen-token'} === '') {
+ $messages->appendMessage(new Message(
+ gettext('A token renewal requires a token lifetime.'),
+ $key . ".auth-gen-token-renewal"
+ ));
+ }
+
+ if (!empty((string)$instance->{'auth-gen-token-secret'}) && (string)$instance->{'auth-gen-token'} === '') {
+ $messages->appendMessage(new Message(
+ gettext('A token secret requires a token lifetime.'),
+ $key . ".auth-gen-token-secret"
+ ));
+ }
}
if (!empty((string)$instance->cert)) {
$tmp = Store::getCertificate((string)$instance->cert);
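Review bot: The two added checks only require that a token lifetime is set; nothing visible here constrains the content of `auth-gen-token-secret`, a multi-line free-text value that is later written into the generated server config. If the model definition does not already restrict it to the expected key format, a format check belongs next to these two so that stray lines cannot end up in the config. Note also that `!empty((string)...)` treats the string `'0'` as empty, so a renewal of `0` skips the first check; `(string)$instance->{'auth-gen-token-renewal'} !== ''` would match the comparison used for `auth-gen-token` in the same condition. The enclosing validation method starts and ends outside the hunk.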
@@ -643,11 +657,29 @@ class OpenVPN extends BaseModel
$options['push'][] = "\"dhcp-option NTP {$opt}\"";
}
}
- foreach (['auth-gen-token'] as $opt) {
- if ((string)$node->$opt != '') {
- $options[$opt] = str_replace(',', ':', (string)$node->$opt);
+ if (!empty((string)$node->push_inactive)) {
+ $options['push'][] = "\"inactive {$node->push_inactive}\"";
+ }
+
+ if ((string)$node->{'auth-gen-token'} !== '') {
+ $options['auth-gen-token'] = $node->{'auth-gen-token'};
+
+ if ((string)$node->{'auth-gen-token-renewal'} !== '') {
+ $options['auth-gen-token'] .= ' ' . $node->{'auth-gen-token-renewal'};
}
}
+
+ if (!empty((string)$node->{'auth-gen-token-secret'})) {
+ $options[''] = $node->{'auth-gen-token-secret'};
+ }
+
+ if (!empty((string)$node->compress_migrate)) {
+ $options['compress'] = 'migrate';
+ }
+
+ if (!empty((string)$node->{'ifconfig-pool-persist'})) {
+ $options['ifconfig-pool-persist'] = "/var/etc/openvpn/instance-{$node_uuid}.pool";
+ }
}
$options['persist-tun'] = null;
$options['persist-key'] = null;
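Review bot: The token secret is assigned to `$options['']`, an empty option key, so as shown the key material would be emitted without a directive name; this may be markup lost from the page, in which case please confirm the key is the inline-block tag for `auth-gen-token-secret`. Separately, `push_inactive` and `auth-gen-token-renewal` are interpolated into config lines uncast, so they rely entirely on the model restricting them to integers, and the previous `str_replace(',', ':', ...)` normalisation of `auth-gen-token` is dropped without a replacement. Because whoever holds the secret can produce tokens the server accepts, the generated instance config and the new `.pool` file under `/var/etc/openvpn/` should be confirmed to be written with restrictive file modes. The enclosing method starts and ends outside the hunk.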
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
index 5875edd99..33a1ab125 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
@@ -280,6 +280,7 @@
remote-random
route-noexec
route-nopull
+ explicit-exit-notify
@@ -287,8 +288,10 @@
push block-outside-dns
push register-dns
+ explicit-exit-notify
+
0
Y
@@ -319,6 +322,10 @@
0
+
+ 0
+
+
0
Y
@@ -373,6 +380,8 @@
mvc
+
+