openvpn: p2p_tls is also used by client so treat all of it accordingly

PR: https://forum.opnsense.org/index.php?topic=9133.0
2026-03-19 19:15:22 +00:00 · 2018-07-12 11:45:27 +02:00 · 2018-07-12 11:45:27 +02:00 · 24f1d05c77
commit 24f1d05c77
parent 69fef9cb9e
1 changed files with 17 additions and 15 deletions
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@ -615,21 +615,6 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
    $conf .= "up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup\n";
    $conf .= "down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown\n";

-    switch ($settings['mode']) {
-        case 'server_user':
-        case 'server_tls_user':
-            $conf .= "client-disconnect \"/usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh {$mode_id} \"\n";
-            break;
-        case 'server_tls':
-        case 'p2p_tls':
-            // For non user auth types setup client specific overrides, user authenticated ones are commissioned
-            // using the auth script in option auth-user-pass-verify
-            $conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}\"\n";
-            break;
-        default:
-            break;
-    }
-
    if (!empty($iface_ip)) {
        $conf .= "local {$iface_ip}\n";
    }
@ -644,6 +629,23 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
        list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
        $mask = gen_subnet_mask($cidr);

+        // client connect and disconnect handling
+        switch ($settings['mode']) {
+            case 'server_user':
+            case 'server_tls_user':
+                $conf .= "client-disconnect \"/usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh {$mode_id}\"\n";
+                break;
+            case 'server_tls':
+            case 'p2p_tls':
+                // For non user auth types setup client specific overrides,
+                // user authenticated ones are commissioned using the auth
+                // script in option auth-user-pass-verify.
+                $conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}\"\n";
+                break;
+            default:
+                break;
+        }
+
        // configure tls modes
        switch ($settings['mode']) {
            case 'p2p_tls':